User reg. instructions for Host Admin

[ netinfo/mil-tacacs-instructions.txt


               INSTRUCTIONS FOR NETWORK USER REGISTRATION


I.  BRIEF OVERVIEW

   The Defense Data Network Defense Communications Systems (DCS) has
   authorized the DDN Network Information Center (NIC) to register users
   on the MILNET and to issue MILNET TAC Access Cards.  The NIC maintains
   the user registration information in the NIC WHOIS Database.  It is
   the intent of the DDN DCS that all network users be registered in the
   WHOIS Database.  This database serves as an online "white pages"
   service.  The Host Administrator of each host is responsible for
   registering the users of that host, and for authorizing individual
   account holders to access that host via MILNET TACs.  In order to do
   this, the Host Administrator must be registered in the WHOIS database
   and have a network mailbox.  This file describes the procedure by
   which you, as a Host Administrator, can register your users and
   authorize them to access the network via MILNET TACs.

II.  GUIDELINES AS TO WHO MAY BE A REGISTERED USER OF THE MILNET

   Users of the DDN network should be engaged in U.S. government business
   or should be actively involved in providing operations or system
   support for government-owned or government-supported MILNET computer
   communications equipment.  Any MILNET user with a valid account on a
   MILNET host may be included in the NIC WHOIS Database.

   The intent of the DDN DCS is to let the local hosts manage themselves
   responsibly within the guidelines set down by the government.  In
   accordance, each Host Administrator is responsible for users that he
   or she has authorized to use the network.  The DDN DCS will work with
   the Host Administrators should any problems arise.

III.  USERS REQUESTING ACCESS TO MILNET TACS

   The MILNET TAC Access System (TACACS), which became operational in
   February 1984, controls access to the network by a TAC login
   procedure.  In order to access the network via a MILNET TAC, each
   individual user must have a TAC Access Card issued by the NIC.  In
   order to receive a TAC Access Card, each individual user must be
   registered at the NIC and authorized for TAC access by the Host
   Administrator.

   Users who request MILNET TAC access constitute a special subset of
   registered users.  The DDN DCS requires that these users be
   individually screened and approved by the authorizing Host
   Administrator.  Also, no one will be given MILNET TAC access without
   first having a valid account on a MILNET host.  The NIC has adopted
   the policy that a MILNET TAC user is "authorized" if the user
   template indicating a need for MILNET TAC access comes to the NIC
   from the authorizing Host Administrator's mailbox.

IV.  REGISTERING USERS

   Use the template in Section X to register individuals with accounts
   on your host.  Complete a template for each individual and separate
   the templates by a blank line.  Fill in all the relevant fields
   following the guidelines provided under Section IX.  It is important
   that you use the NIC template and try to adhere to the same data
   entry style as we have used.  This will allow us to automatically
   input the data into our database, and will minimize the amount of
   editing required.  We will not accept data other than in the template
   form specified.

   You may send blank templates to your users to fill out.  Have them
   return the filled-in templates to you.  Accumulate them into a single
   file.  Review the lists (as you are responsible for the
   authorization of registered users on your host), and send us the
   files as messages to the mailbox,  REGISTRAR@NIC.DDN.MIL.  (See Section
   VIII for further discussion on submitting the templates.)

V.  OBTAINING LISTS OF USERS CURRENTLY IN THE NIC DATABASE

   You may request from the NIC a file of templates of individuals
   currently registered in the NIC WHOIS Database whose primary login
   name is on your host.  The file can be pulled over to your host via
   FTP, updated and returned VIA NETWORK MAIL to
   REGISTRAR@NIC.DDN.MIL.  To delete a user from the database, fill
   in the "Delete" field in the user's template.  DO NOT DELETE the
   template itself.  To add a user to the database, fill out the
   template included under Section X.  Complete a template for each new
   individual.  You can add these to the corrected entries or send them
   as a separate list, whichever you prefer.

VI.  DELETING USERS FROM THE DATABASE

   When a user's account is deleted from your host, the user's record
   should be deleted from the WHOIS Database.  This can be accomplished
   by filling in the "Delete" field in the user's template as described
   in Section V, or by sending a brief network message to
   REGISTRAR@NIC.DDN.MIL giving the user's full name and account name. 
   If a user who has been issued a TAC Access Card is deleted from the
   database, the NIC will automatically invalidate the user's card during
   the annual reregistration of the host.  The delay in invalidating the
   user's TAC card is due to software limitations of the TACs.   If a user
   is considered to be a possible security risk, please contact the NIC 
   immediately with this information; the user's TAC UserID will be
   hotlisted (invalidated).

VII.  USERS WITH ACCOUNTS ON MORE THAN ONE HOST

   A user should ideally be authorized by the Host Administrator of the
   user's "primary" host, where "primary" is defined as the "home" host
   or the host on which the user has an account to do the primary work
   for which he or she is authorized to use the network.  Some users
   will have several legitimate accounts, in which case the "primary"
   host will probably be the one on which they receive electronic mail,
   or the one which they themselves identify as their "home" host.

   If users do have accounts on more than one MILNET host,
   and if each Host Administrator fills in a template for every
   user on his or her host, the NIC may well receive multiple templates
   for some users.  We are prepared to resolve any resulting
   duplication.

   If a user tells you that a template has already been filled in for
   him or her by another Host Administrator, do not fill in another
   template unless you are sure that your host is the primary host for
   that user.  If you are in doubt or don't know, check with the user.
   The NIC will screen for duplication.

   If the user does not require MILNET TAC access, the template need not
   come from the authorizing Host Administrator's mailbox.  However, as
   stated above, the Host Administrator is responsible for the
   appropriateness of all use of the network by users accessing the network
   from his or her host.  Therefore, it is important that the
   "Authorizing Host" field reflect accurately the host which is the
   "home" host or on which the user is doing his or her primary work.

VIII.  ONLINE MAIL ADDRESS FOR COMPLETED TEMPLATES

   Please send user registration templates in a network message to:

      REGISTRAR@NIC.DDN.MIL

   Remember, if users require MILNET TAC access, the list of templates
   MUST be sent to us from the Host Administrator's mailbox.  As stated,
   this is our guarantee that the users on this list are authorized to
   have MILNET TAC access.

   Please send us all the templates via network mail.

   If the list is too long for your mail system to process, you may
   break the lists arbitrarily (between templates) and send them as a
   set of messages.  If you do break up the list, please indicate in
   the subject field of each message:  Part 1 of 4, Part 2 of 4, etc.
   To assure that the NIC mail system will be able to process your
   message, do not send a message of over 50,000 characters.

IX.  SPECIFIC INSTRUCTIONS FOR EACH TEMPLATE FIELD

   If all users or a group of users in your list will have identical
   data in any field (i.e., same text of address, phone number,
   authorizing host, etc.),  please enter the full text of the field in
   the first template of the group in the list.  You may then indicate
   that this information is to be repeated by simply entering "*" as the
   text of that field in subsequent templates (* = ditto).  The "*"
   may be used only in the following fields:

      U.S. MAIL ADDRESS:
      PHONE:
      AUTHORIZING HOST:
      PRIMARY LOGIN NAME:
      PRIMARY NETWORK MAILBOX:
      TERMINATION DATE:

   FULL NAME:

   The name may be entered in any of the following formats:

      Lastname, Firstname I.
      Lastname, Firstname
      Lastname, I. Middlename
      Lastname, Firstname I., Jr.
      Lastname, Firstname I., III

      where "I." = an initial

      Do not include military rank or professional titles.

   U.S. MAIL ADDRESS - some standard procedures:

      The name of the organization or university should appear on the
      first line.  Do not use acronyms for the name of the organization.
      The second line may contain information such as the department
      name, code, or attention line, followed by a line containing the
      building name or number and room number, if you wish to include
      any of these.  The next line should contain the street address or Post
      Office Box.  The last line of the address field should contain the
      city, state and zip code.  If you commonly use a 9 digit zip code,
      enter that.

      DO NOT USE ANY ABBREVIATIONS OR ACRONYMS, with the exception of

         Incorporated.......Inc.
         Limited............Ltd.
         Corporation........Corp.
         Company............Co.
         Post Office Box....P.O. Box

      Separate lines of the address by a carriage return.

   PHONE:  

      Up to four phone numbers are allowed.  Acceptable formats are:

      U.S. numbers

      (123) 456-7890
      (123) 456-7890 ext 123
      (123) 456-7890 (DSN) 567-7890
      (123) 456-7890 (DSN) 567-7890 (FTS) 667-7890
      (123) 456-7890 or 456-0987
      (123) 456-7890 or 456-0987 (DSN) 567-7890 or 567-0987

      Overseas numbers

      [49] 711-123456 or (DSN) 420-1234 or (M) 8765-1234

      (For overseas numbers, give number through country code with
      country code in brackets.)

   AUTHORIZING HOST:

      This is the name of the host which the user considers his or her
      "home" host, or on which the user is doing the primary work for
      which he or she is authorized to use the MILNET.

      Enter the OFFICIAL HOSTNAME rather than an approved nickname.

   PRIMARY LOGIN NAME:

      This is the primary login name/username/directory name of the
      user on the authorizing host.

      If the login name is a part of the security system on your host
      and therefore should be kept secret, do not enter it in this
      field.

      The primary login name may be a group directory name if it is the
      only one the individual uses.

   PRIMARY NETWORK MAILBOX:

      This is the mailbox where this individual prefers to receive
      mail.  This may or may not be his or her primary login name on
      your host.  If mail addresses are case dependent on your host,
      specify the mailbox string accordingly.  Otherwise enter the
      string in upper case.

      Separate the username and hostname parts of the mailbox by "@".

      Format:  USERNAME@HOSTNAME, e.g. SMITH@NIC

      For those hosts whose official hostname is a Fully Qualified
      Domain Name (FQDN), enter the FQDN in the hostname part of the
      mailbox.  The FQDN is preferred, as in:  SMITH@AI.AI.MIT.EDU

   MILNET TAC ACCESS? (y/n):

      For a user to be authorized for MILNET TAC access, this field must
      be filled in with "y" or "yes".  This is the means by which you, as
      Host Administrator, indicate to us that this user is authorized
      for MILNET TAC access and will require a MILNET TAC Access Card.
      A TAC Access Card will be automatically generated for each
      individual whose template contains "y" or "yes" in this field,
      providing that the template is sent to us from the Host
      Administrator's mailbox.

   TERMINATION DATE:

      The DEROS date (Date Eligible for Return from Overseas) for military
      users, estimated date of graduation for students, or estimated
      elapse date for temporary users is requested here for use on
      military hosts.  Others may use the field if they wish.  It is
      not currently used in maintenance of the WHOIS database and will
      not cause automatic deletion of records from the database.

      Format:  MO/YR, e.g., 10/83, 02/84

   HANDLE:

      The handle is the unique identifying label for the record.

      This field appears in templates of currently registered users.

         DO NOT ALTER THIS FIELD.

      This field does not appear in the blank template.  Do not specify
      a handle for the ADDITIONS.  Our program will automatically
      generate a unique identifier (handle) for each individual
      template.

   DELETE? (y/n):

      If the individual no longer has a login account on your host, mark
      this field with a "y" or "yes".  DO NOT DELETE THE WHOLE TEMPLATE.

X.  SAMPLE BLANK TEMPLATE

   FULL NAME:
   U.S. MAIL ADDRESS:
   PHONE:
   AUTHORIZING HOST:
   PRIMARY LOGIN NAME:
   PRIMARY NETWORK MAILBOX:
   MILNET TAC ACCESS? (y/n):
   TERMINATION DATE:
   HANDLE:    ****DO NOT ALTER THIS FIELD.****
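
   Added example, not part of the original NIC file and not the NIC's
   own program: Python code that reads a list of templates in the format
   above, expands "*" dittos only in the fields Section IX allows, and
   flags MILNET TAC requests that did not arrive from the Host
   Administrator's mailbox (Sections III and VIII).  The function names,
   the sender and admin_mailbox parameters, and all sample values are
   assumptions made for illustration.

```python
import re

TAC = "MILNET TAC ACCESS? (y/n)"
FIELDS = ["FULL NAME", "U.S. MAIL ADDRESS", "PHONE", "AUTHORIZING HOST",
          "PRIMARY LOGIN NAME", "PRIMARY NETWORK MAILBOX", TAC,
          "TERMINATION DATE", "HANDLE", "DELETE? (y/n)"]
# Section IX: "*" (ditto) is accepted only in these fields.
DITTO_OK = {"U.S. MAIL ADDRESS", "PHONE", "AUTHORIZING HOST",
            "PRIMARY LOGIN NAME", "PRIMARY NETWORK MAILBOX", "TERMINATION DATE"}

def parse_templates(text):
    """Blank lines separate templates; unlabelled lines continue the prior field."""
    records = []
    for block in re.split(r"\n\s*\n", text.strip()):
        rec, last = {}, None
        for line in map(str.strip, block.splitlines()):
            label = next((f for f in FIELDS if line.startswith(f + ":")), None)
            if label:
                last, rec[label] = label, line[len(label) + 1:].strip()
            elif last:
                rec[last] = (rec[last] + "\n" + line).strip()
        records.append(rec)
    return records

def check(records, sender, admin_mailbox):
    """Expand dittos in place; return (template number, field, problem) tuples."""
    problems, prev = [], {}
    for n, rec in enumerate(records, 1):
        for field in [f for f, v in rec.items() if v == "*"]:
            if field in DITTO_OK and prev.get(field):
                rec[field] = prev[field]
            else:
                problems.append((n, field, "ditto not permitted or nothing to repeat"))
        # Sections III/VIII: TAC access is authorized only if the message came
        # from the Host Administrator's mailbox (sender is an assumed input).
        if rec.get(TAC, "").lower() in ("y", "yes") and sender != admin_mailbox:
            problems.append((n, TAC, "not from Host Administrator's mailbox"))
        prev = rec
    return problems

# Constructed sample input: two templates, the second using "*" dittos.
SAMPLE = """FULL NAME: Doe, Jane Q.
U.S. MAIL ADDRESS: Example Research Institute
   100 Example Street
MILNET TAC ACCESS? (y/n): yes

FULL NAME: *
U.S. MAIL ADDRESS: *"""
```

   Because the expanded record becomes the reference for the next
   template, a run of "*" entries repeats the last full value, as the
   ditto rule in Section IX describes.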

