[Search for users] [Overall Top Noters] [List of all Conferences] [Download this site]

Conference noted::pwv50ift

Title:Kit: Note 4229; Please use NOTED::PWDOSWIN5 for V4.x server
Notice:Kit: Note 4229; Please use NOTED::PWDOSWIN5 for V4.x server
Moderator:CPEEDY::KENNEDY
Created:Fri Dec 18 1992
Last Modified:Fri Jun 06 1997
Last Successful Update:Fri Jun 06 1997
Number of topics:4319
Total number of notes:18478

4260.0. "External Authentication to other domains? (ACME Module)" by THEBAY::WIEGLEB (Last day is May 2. Farewell!) Tue Apr 15 1997 22:57

    I have some questions about OpenVMS V7.1 External Authentication.
    
    My OpenVMS (V7.1) system runs PATHWORKS (LAN Manager) V5.0E-001. It 
    is a Backup Domain Controller for a domain called SZODOM.  I've got it
    set up so that certain VMS logins are authenticated using the account
    and password information in the SZODOM domain. This seems to be working
    just great.
    
    Ideally, I would like to be able to redirect the authentication to
    validate against the DIGITAL1 domain instead of setting up new users on
    my local (resource) domain.  I take it this is not possible at this
    time?  Will it be possible with PW V6 server?
    
    The second question:  How did you come up with "Acme Module" as the
    name of the authentication engine? :^)
    
    Thanks,
    
    - Dave
T.RTitleUserPersonal
Name		DateLines
4260.1ALPHAZ::HARNEYJohn A HarneyWed Apr 16 1997 12:0111
re: .0 (Dave)

I can't answer the first one, but for the second question:

    Authentication and Credential Management

is the main service, and the extensions are ACME modules.

You should see the SYS$ACM service in V7.2, if everything goes right.

\john
4260.2Thanks. Some further questionsTHEBAY::WIEGLEBLast day is May 2. Farewell!Wed Apr 16 1997 18:1420
    But does SYS$ACM deal with outbound requests or inbound requests for
    authentication?
    
    What I would like to provide on my VMS system is the name of the
    authentication domain and not necessarily need to maintain the users in
    my local PATHWORKS (if PATHWORKS server still needs to exist at all on
    the VMS system).  The only other thing that would be needed is a 
    mechanism for pointing the VMS account to an NT account that has a 
    different name (perhaps as an additional field in the SYSUAF record?).
    
    Ideally, the authenication request could be dealt with as are our 
    current NT logons into the DIGITAL1 domain.  I'd like to deal with this
    as a Trust issue rather than needing to maintain a separate local 
    PATHWORKS database of users.
    
    Thanks.  And thanks for the explanation of ACME.  Maybe it's just my
    warped childhood, but whenever I hear the word "Acme" I think of Wile
    E. Coyote in the "Road Runner" cartoons.  :^)
    
    - Dave
4260.3ALPHAZ::HARNEYJohn A HarneyThu Apr 17 1997 12:148
re: .2

Sorry, I don't have answers to your questions.

I only know what ACME meant.  There are some specs available on what's
in place now, and what's coming in V7.2, if you have access to STAR::.

\john
4260.4Trusted domain logins coming in PATHWORKS 6.0STAR::BARRYRick Barry, SE/VMS(B1) Eng., 381-0634Wed Apr 23 1997 19:3616
Trusted domain logins are coming in PATHWORKS version 6.0. If the system logical
name PWRK$ACME_DEFAULT_DOMAIN is defined, the ACME module will use the
equivalence name as the "logon" domain; otherwise, the domain of the server will
be used. The user can also specify the domain, using the syntax
"joe@domain-name". In all cases, the domain must be a trusted domain.

All of this still requires running PATHWORKS on the cluster since PATHWORKS is
the ACME's channel to the LAN Manager network. In addition, PATHWORKS is
responsible for mapping the LAN Manager names to local VMS usernames on the
cluster.

>    Thanks.  And thanks for the explanation of ACME.  Maybe it's just my
>    warped childhood, but whenever I hear the word "Acme" I think of Wile
>    E. Coyote in the "Road Runner" cartoons.  :^)

You're not alone.
4260.5Just the ticketTHEBAY::WIEGLEBLast day is May 2. Farewell!Fri Apr 25 1997 18:567
    Thanks much.  The features/functionality of PW V6 sound like exactly
    what I'm looking for.  The requirement for PW on the server shouldn't
    be a big deal -- the major thing for me was the referral of authentication.
    
    Thanks,
    
    - Dave