You are here

Prometheus: multiple identities

Project ID: 
Current stage: 
Assigned Priority: 
Add support and tools to Prometheus for managing multiple identities

Prometheus was designed to support the management of multiple identities for users, e.g. in the KDC case somebody/admin, somebody/cron. The various parts need to be tied together to implement this. It should be possible to support:

  • Creation of additional identities for any entity
  • Creation of account objects (e.g. AFS pts) for identities
  • Users creating additional identities (of form 'user/something' themselves)
  • Distribution of keytabs

Multiple identities gives a way of separating a user's privileges. Also it allows for automation of authenticated access to resources (e.g. an identity with an AFS account and keytab allows authenticated file system access to be automated).


This work has already been started, as part of prometheus development. This project ties all the loose ends together.


Adding multiple identities support to prometheus involves the following work:

  • Ensure multiple identity and account objects are supported as planned in prometheus
  • Add support to AFS PTS conduit to create new accounts (with uid automatically allocated from range)
  • Add support to command-line 'theogony' tool to allow sysadmins to create identities and accounts
  • Add support to prometheus remctl interface for identity/account creation
  • Adapt password setting CGI or write a new one to use remctl interface for users to manage identities (create, set password)
  • Configure wallet to support distribution of keytabs for additional identities
Effort estimate: 
4 weeks