Prometheus: multiple identities

Project ID: 
305
Current stage: 
Assigned Priority: 
2
Manager: 
Unit: 
Summary: 
Add support and tools to Prometheus for managing multiple identities
What: 

Prometheus was designed to support the management of multiple identities for users, e.g. in the KDC case, somebody/admin and somebody/cron. The various parts need to be tied together to implement this. It should be possible to support:

  • Creation of additional identities for any entity
  • Creation of account objects (e.g. AFS pts) for identities
  • Users creating additional identities (of the form 'user/something') themselves
  • Distribution of keytabs
Why: 

Multiple identities give a way of separating a user's privileges. They also allow authenticated access to resources to be automated (e.g. an identity with an AFS account and keytab allows authenticated file system access to be automated).

When: 

This work has already been started as part of Prometheus development. This project ties all the loose ends together.

How: 

Adding multiple-identity support to Prometheus involves the following work:

  • Ensure multiple identity and account objects are supported as planned in Prometheus
  • Add support to the AFS PTS conduit to create new accounts (with the UID automatically allocated from a range)
  • Add support to the command-line 'theogony' tool to allow sysadmins to create identities and accounts
  • Add support to the Prometheus remctl interface for identity/account creation
  • Adapt the password-setting CGI, or write a new one, to use the remctl interface so that users can manage identities (create, set password)
  • Configure wallet to support distribution of keytabs for additional identities
Effort estimate: 
4 weeks
Other: 

Dependencies:

Risks: