[Infrastructures] user management (mixing afs,ldap,kerberos)
Carlson, Scott
Scott.Carlson@schwab.com
Fri, 11 Mar 2005 07:43:53 -0800
> > We're in the process of rolling out Vintela VAS (http://www.vintela.com) to
> > our Unix environment (~1500 active unix hosts) and have had good success at
> > integrating the unix hosts into our active directory. The vendor has
> > been _very_ responsive to our issues with the product and has rolled out
> > a number of specific patches to meet our identified problems. It isn't free
> > though. I'm not sure what the list or educational price is, but $100/server
> > sounds right, with workstations with < 5 people free.
> >
> This is the first time I've heard of this product and it's something
> I've been wanting to do for a long time. How does VAS deal with
> user names that are 9+ characters?
>
> Mike
>

Well, that's an interesting question. Every _recent_ OS seems to handle
login IDs >= 9 characters, even AIX, but they have the official policy of
"you're on your own". We've successfully tested login IDs up to 32
characters and even though there are a few nit-picky things floating out
there, for the most part it works. Since everything is UID based anyway,
most of the system commands just truncate the displays. Here's an example.

    drwxr-xr-x  2 Scott.Ca root  4096 Jan 24 18:05 prj_1
    drwxr-xr-x  5 Scott.Ca staff 4096 Feb  7 20:04 prj_2
    drwxr-xr-x  3 Scott.Ca root  4096 Mar  7 11:47 prj_3
    drwxr-xr-x  2 Scott.Ca root  4096 Jan 26 11:00 prj_4

It'll be a little bit annoying when we have someone with
reallylongfirst.reallylonglast and then hire reallylongguy.reallylongername
because they both will say "reallylo" as the owner of the files.

Only SSH 3.7.1 and above will work with this, and VAS has some patches that
integrate SSH even better. I don't have my list in front of me, but I
remember ssh working and telnet _not_ working on one of the OS versions.

We're rolling this to RHAS 2.1/3.0, Solaris 2.6-2.8, AIX 5.1 and haven't
experienced any show-stopping problems.

Scott
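
Added example, not part of the original message: a small Python audit that finds accounts whose login names display identically once a tool truncates them to 8 characters, as in the listing above. The passwd-format sample, its UIDs and home directories, and the function names are constructed for illustration.

```python
from collections import defaultdict

DISPLAY_WIDTH = 8  # width at which the listing above cuts owner names ("Scott.Ca")

# Constructed passwd(5)-format sample; UIDs and home directories are made up.
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/sh
Scott.Carlson:x:5001:100::/home/scarlson:/bin/sh
reallylongfirst.reallylonglast:x:5002:100::/home/rlf:/bin/sh
reallylongguy.reallylongername:x:5003:100::/home/rlg:/bin/sh
short:x:5004:100::/home/short:/bin/sh
"""


def parse_passwd(text):
    """Yield (login, uid) pairs, skipping blank, comment and malformed lines."""
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) < 7 or not fields[2].isdigit():
            continue
        yield fields[0], int(fields[2])


def truncation_collisions(text, width=DISPLAY_WIDTH):
    """Map each truncated display name to the distinct accounts sharing it.

    A short login that equals another login's truncated form is included,
    since both show the same owner string in a truncating listing.
    """
    groups = defaultdict(set)
    for login, uid in parse_passwd(text):
        groups[login[:width]].add((login, uid))
    return {
        shown: sorted(accounts)
        for shown, accounts in groups.items()
        if len({uid for _, uid in accounts}) > 1  # different UIDs, same display
    }


if __name__ == "__main__":
    for shown, accounts in truncation_collisions(SAMPLE_PASSWD).items():
        names = ", ".join(f"{login} (uid {uid})" for login, uid in accounts)
        print(f"{shown!r} is ambiguous: {names}")
```

Where a listing is ambiguous, `ls -n` prints numeric UIDs instead of names, which removes the ambiguity when reviewing file ownership.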