Strong Authentication at Fermilab
Appendix C. More about Choosing a Principal Name
TOC PREV NEXT INDEX

Chapter Contents

Appendix C. More about Choosing a Principal Name
  C.1 Guidelines for Choosing a Kerberos Principal
  C.2 If your Principal and Login Name do not Match

 

Links

View or print PDF file of chapter

Back to Strong Auth Index Page
CD Home Page
Fermilab at Work
Fermilab Home


Appendix C. More about Choosing a Principal Name


In this appendix, we present information for users who have pre-existing account names and/or an email address at Fermilab, and for whom the guidelines in Chapter 3: Kerberos Principals and Passwords are not straightforward to follow.

C.1 Guidelines for Choosing a Kerberos Principal

In Chapter 3: Kerberos Principals and Passwords, we provided the following guidelines for choosing a Kerberos principal and system login ids:

If you have pre-existing accounts which make the above guidelines hard to follow, here are further guidelines:

  1. If your existing primary system login name (UNIX and/or Windows) is eight or fewer characters, then use this login name for your Kerberos principal. Notes:
    • If your email address and your primary login name do not match, choose the login name as your principal, not your email address. The Computing Division will reserve this login name for you as an email address name. You may continue to use your existing email address on the mail server for a limited time (not yet specified); please transition to the new one. Separate forwards for the two will not be supported.
    • If your primary login name has ever been used as an email address by an individual besides yourself, you must choose a different name for your Kerberos principal. In fact you will need to relinquish the old login name on each system as it becomes Kerberized.
  2. If your primary login name is longer than eight characters, then you can choose between the following two options:
    • Choose a new name that is eight characters or less, and use it both as your principal and as a new, common login name for all systems. In this case you will have to move or rename your current accounts and files.
    • Go ahead and use the long login name as your principal, but be aware that you will very likely have difficulty using some UNIX resources, and the problems may be hard to diagnose. For example, Solaris currently does not accept login names longer than eight characters.

C.2 If your Principal and Login Name do not Match

If your principal does not match your login name, then you need to be aware of the following:


TOC PREV NEXT INDEX
View/print PDF file | Back to Strong Auth Index Page | Computing Division | Fermilab at Work | Fermilab Home
This page generated on: 09/01/06 16:26:12