home
***
CD-ROM
|
disk
|
FTP
|
other
***
search
/
Internet Info 1994 March
/
Internet Info CD-ROM (Walnut Creek) (March 1994).iso
/
inet
/
ddn-news
/
ddn-mgt-bulletin-101.txt
< prev
next >
Wrap
Text File
|
1992-09-24
|
11KB
|
229 lines
************************************************************************
DDN MGT Bulletin #101 DISA DDN Defense Communications System
24 September 1992 Published by: DDN Network Info Center
(NIC@NIC.DDN.MIL) (800) 365-3642
DEFENSE DATA NETWORK
MANAGEMENT BULLETIN
The DDN MANAGEMENT BULLETIN is distributed online by the DDN Network
Information Center under DISA contract as a means of communicating
official policy, procedures and other information of concern to
management personnel at DDN facilities. Back issues may be read
through the TACNEWS server ("@n" command at the TAC) or may be
obtained by FTP (or Kermit) from the NIC.DDN.MIL host [192.112.36.5]
using login="anonymous" and password="guest". The pathname
for bulletins is ddn-news/ddn-mgt-bulletin-nn.txt (where "nn" is the
bulletin number).
************************************************************************
MILNET TAC User Validation and Registration
This Management Bulletin provides important information for host and
gateway/concentrator administrators who are authorized to request
TAC Access Cards for their users. This bulletin also provides guidance
regarding the validation and registration process for all MILNET TAC
users. The impending MILNET-wide TAC user registration will involve the
reissue of TAC Access Cards to all authorized users and will ensure that
only currently authorized users can access the MILNET via a TAC.
The following topics will be covered:
1) Validation and registration procedures
2) Importance of timely submission of user registration templates
3) New format for user registration templates
4) Validation and re-registration schedule
5) Amended Authorization Policy
6) DDN NIC contact information
1. Validation and Registration Procedures
The official validation and registration of all MILNET TAC users is
about to begin. During this period, the records for all MILNET TAC
users will be added, updated, or deleted, as required.
The DDN NIC Registrar will initiate the process by sending each
authorized host or gateway administrator a host template containing
the host information that is currently stored in the WHOIS database.
These host templates will be sent according to the schedule provided in
Section 4. Each host and gateway administrator will be required to
validate the information on the host template, make any necessary
changes, and return the template to the DDN NIC. Upon receipt of the
updated host template, the Registrar will prepare a file containing the
templates of the users on that host who are currently registered in
the WHOIS database.
1.1 User Template File Transmission
Depending on its size, the user template file will be transmitted to
the appropriate gateway or host administrator via electronic mail or
made available for downloading via FTP. The NIC will send the majority
of user template files via e-mail. However, administrators for hosts
with a very large number of TAC users will be given instructions for
downloading their user templates via FTP. Along with the user template
files, the NIC will provide detailed instructions for adding, deleting
or modifying the individual user records.
1.2 Importance of Following Instructions
It is IMPERATIVE that the administrators adhere to the guidelines and
instructions provided to them with their user data. Deviations from
these instructions will result in processing delays and/or rejection
of the templates. Because the data is automatically parsed from the
templates by software designed exclusively for that purpose, the standard
user registration templates must not be altered in any way, and the data
provided for each template field must be entered in the correct format.
User files that are returned to the NIC in an unacceptable format will
be sent back to the administrator for correction.
1.3 Transmitting User Files to the NIC
When returning the updated user templates to the NIC, each
administrator should clearly identify the file as "Host/Gateway
Re-Registration Information" in the subject line of each message.
This will ensure that 1) the files are processed through user regis-
tration as a re-registration and 2) TAC access for these users will
not be interrupted.
1.4 New TAC Card Issuance and Old TAC Card Invalidation
After the NIC has received all the updated user templates for a host, the
file(s) will be reviewed for accuracy and validated. New TAC Cards will
be generated for each user who has been authorized TAC access by the
host or gateway administrator. The entire re-registration process
(from the submission and receipt of the updated user data to the
mailing of the TAC Card) is approximately two weeks. The DDN NIC will
send electronic mail messages to the host or gateway administrator and
to all the associated users notifying them that their new TAC Cards
have been mailed.
Six weeks after new TAC Cards have been mailed, all old TAC cards
associated with that host or gateway will be invalidated. This should
allow sufficient time for users to receive their new TAC cards or to
inform the NIC (via their host or gateway administrator) of any problems
regarding their new TAC Cards. Consequently, it is very important that
administrators encourage their users to report problems or missing TAC
Cards within the six-week time period prior to the invalidation of the
TAC Cards.
2. Importance of Timely Submission of User Registration Templates
All authorized host and gateway administrators will be given a maximum
of four (4) weeks from the day they receive their user templates (or
notification that their templates are ready for them to download
via FTP), to make the necessary additions, deletions and revisions
and to resubmit the data to the NIC for processing.
If the NIC does not receive the updated user templates after four
weeks have elapsed, the DISA Task Monitor will intervene. The NIC
staff is fully aware that validation and registration can be a
tedious process, especially for those administrators who are
responsible for a large number of users. If problems are encountered,
contact the NIC immediately for assistance. The security of the DDN
MILNET is at risk when the process is not given appropriate attention.
3. New Format for User Registration Templates
A new User Registration Template has been prepared to standardize and
expedite the validation and registration process. Use of this new
template will help to ensure that the NIC receives complete and reliable
information about each user in a format that can be processed quickly and
accurately by the registration software. This template is available,
along with instructions and examples, from the DDN NIC via anonymous
FTP. Connect to the NIC and log on with username "anonymous" and
password "guest". Change to the <templates> directory and request the
file by executing a getfile procedure for filename <user-template.txt> at
the prompt.
The NIC will provide the re-registration files to the administrators
in the new template format. All re-registration user files must be
returned to the NIC in this format. However, in an effort to ease the
transition to the new template, the NIC will accept user files (THAT ARE
NOT A PART OF A RE-REGISTRATION) in the format of the current user
template until 1 January 1993. After this date, only templates that are
submitted in the new template format will be honored.
4. Validation and Registration Schedule
The host and user validation (re-registration) schedule has been
established alphabetically, by first letter of the official hostname.
This schema (shown in the chart below) should result in the re-registra-
tion of approximately the same number of users for each month in the
ten month schedule.
If the host or gateway administrator anticipates difficulties doing the
re-registration in the month scheduled, a request may be sent to the NIC
to reschedule the process (See Section 6).
Host/User Registration Schedule
(Alphabetical by Hostname)
| Oct | Nov | Dec | Jan | Feb | Mar | Apr | May | Jun | Jul | Aug | Sep |
| A | B-C | D-F | G-H | I-L |M,O-Q| N | R | S | T-Z | --- | --- |
5. Amended Authorization Policy
Although DISA formerly required all users on hosts behind gateways
and concentrators to register and request TAC Access Cards via their
gateway administrators, that requirement has changed. Gateway (or
concentrator) administrators may now delegate the authority to request
TAC cards to the administrator(s) of any hosts attached to the MILNET
via their gateway. In this way, administrators of hosts behind gateways
or concentrators will be able to request TAC Cards for their own users
and to register those users to their own or "home" hosts. However,
administrators of all hosts behind the gateway must have proper
delegated authorization (in accordance with the Draft TAC Access Control
Policy Circular) from their gateway administrator before the
DDN NIC can honor their requests. This authorization should take the
form of an e-mail message to REGISTRAR@NIC.DDN.MIL sent directly
from the gateway administrators' mailbox.
5.1 Registering Hosts Behind Concentrators/Gateways
All hosts behind gateways (or concentrators) whose users require TAC
access MUST be registered in the NIC's WHOIS database before requests
for TAC access can be made. This is done by completing a Military Host
Registration template and submitting it to the DDN NIC for processing.
To retrieve the host registration template via FTP, connect to the NIC
host and log on with username "anonymous" and password "guest". Then
change to the <templates> directory and request the file by executing a
getfile procedure for filename <mhost-template.txt>.
To avoid unnecessary delays, all hosts should be registered with the
DDN NIC prior to the re-registration process.
6. DDN NIC Contact Information
For general information and template file transmission, send electronic
mail to
REGISTRAR@NIC.DDN.MIL:
or contact the DDN NIC Help Desk at:
1-800-365-DNIC (within the continental U.S.) or
(703) 802-4535 (in the Washington DC metropolitan area or
outside the continental U.S.)
All re-registration user files should be sent via electronic mail to:
REREG@NIC.DDN.MIL
** NOTE **
Whenever you leave a message for one of the contacts listed
above, please be sure to include a COMMERCIAL phone number if
possible. The DDN NIC does not have autovon capability.