OpenAFS logo

June 1-5, 2009

Stanford University

Wednesday 3 June 2:00pm

Location: Old Union - Clubhouse

Speaker: Simon Wilkinson

Title: Prometheus - LDAP based account provisioning


I'll present "Prometheus", an account provisioning system that I've been developing for the School of Informatics at the University of Edinburgh.

Prometheus is an LDAP based provisioning system, which is designed to manage a wide variety of user databases, including AFS's PTS and a Kerberos KDC. It is highly flexible in the databases it supports, and permits very fine grained delegation of control. It has a role-based access control model, and allows the creation and management of roles by any authorized user. It is instance aware, allowing users to create many instances of a primary account, request keytabs of those instances, and delegate particular permission sets to individual instances. Prometheus is designed to be a distributed as possible, permitting provisioning of system maintained by disparate groups without requiring those groups be trusted by the system itself.

This talk will discuss the design goals behind Prometheus, provide an update on implementation progress, and demonstrate a running system.

Slides: PDF