The very first NIM password prompt -- customer feedback needed.

Christopher D. Clausen cclausen at acm.org
Tue Sep 25 16:23:24 EDT 2007 

The Stanford view is generally true at UIUC as well.  Although not that 
many departments are using KfW.  I generally suspect that most larger 
universities have some type of authn|z system setup where the usernames 
match the Kerberos principals.

Of course, a few departments refuse to use the centralized directory and 
do their own thing.  But that usually means that they have their own 
authn as well (and therefore I do not care about them as they get what 
they deserve for their deviations.)

UIUC has what is branded as a "netid password" which a UIUC.EDU Kerberos 
password.  There is also your "Active Directory" password which is the 
AD.UIUC.EDU realm.  Ironically, the UIUC.EDU password is now being 
actively refered to as an "MIT password" since it is in MIT Kerberos. 
Of course, that term is only used by those who deal with the realm 
directly and not by end-users.  If you care, you can read more at: 
http://www.cites.uiuc.edu/passwords/changes.html  (There are at least 5 
different authentication systems in wide use throughout campus, and that 
doesn't even count departmental level ones.)

I would prefer to not modify the current NIM prompts and assume that the 
Windows username matches the Kerberos principal name in the default 
realm.

<<CDC

Kevin Koch <kpkoch at mit.edu> wrote:
> If you're not at Stanford, we'd like to hear your views, too.
>
> Kevin Koch
>
> -----Original Message-----
> From: kfwdev-bounces at MIT.EDU [mailto:kfwdev-bounces at MIT.EDU] On
> Behalf Of Sam Hartman
> ...
>>>>>> "Russ" == Russ Allbery <rra at stanford.edu> writes:
>
>    Russ> Jeff's analysis is correct for Stanford University:
>    Russ> "Kerberos" as a label is likely to be confusing to our less
>    Russ> technical users.  We use an internal branding of "SUNet ID"
>    Russ> for a variety of reasons and many users don't know and don't
>    Russ> care what authentication technology is behind it.
>
> Interesting.  We've been branding KFM as Kerberos for years and
> haven't run into trouble.
>
> I think we'd definitely be very interested in discussing this issue
> with users who think it would be harmdful.
> Could you forward this to the appropriate folks at Stanford for such a
> discussion?

More information about the kfwdev mailing list