1. Phase I of GatorSlogan access includes the following user services, authenitcated through kerberos:
   1. Terminal server login
   2. Mailbox access
   3. Changing 'my' password
2. Phase II of GatorSlogan access will consist of migration to LDAP services, in place of smaller-scale database resources.
3. Phase III of GatorSlogan access will consist of gradual migration of services to use the campus-wide authentication server, including such services as CICS/ISIS access.

---

The remainder of this document will deal with Phase I requirements

• Support of phase I services will require the following administrative services. These should be implemented through kerberos calls if at all possible. Exhaustive audit trails will be critical; these administrative controls will be capable of withdrawing people from the University.
  1. Create account
  2. Delete account
  3. Change account status
     • this will require a database to be maintained, to be superceded by LDAP at some point in the (hoefully very near) future. Phase I database requirements are very limited, though: UID, alias, "DNA", Account priveleges (change my password, change others' passwords, change privileges)
• The user tasks will need the following API functions:
  1. authenticate me
  2. change my password
• The administrative tasks will need the following API functions:
  1. create account
  2. destroy account
  3. set account status
  4. set account priveleges
  5. show account
  6. change some password
• NERDC is responsible for supplying the following functions/services:
  1. Authentication daemon
  2. Account admin daemon, which authenticates through kerberos
  3. Authentication API, which follows the GSS specification, using kerberos calls.