Computer Science and Engineering Unification and Alignment FAQ

Computer Science and Engineering Unification and Alignment FAQ

What is Unification and Alignment?

Project Phases

Phase One: UID Alignment

Phase Two: Username

Phase Three: GID and Group name Alignment

Phase Four: Authentication

Risks

Account Policies

Computer Science & Engineering Sponsored Accounts

Questions? Contact us here:

Questions already asked:

What is Unification and Alignment?

Computer Science and Engineering will be migrating from local identity management systems to the university’s central identity management system. The main reasons are to:

Project Phases

The project will be done in several phases or steps.

Phase One: UID Alignment

The UID (numerical representation of user) will be aligned to match the UID assigned by the University’s Identity Management group.

Phase Two: Username

Usernames will be changed to match InternetIDs. if you are unhappy with your InternetID, we urge you to contact 1-help or help@umn.edu  and change your InternetID. After this phase, you will log in with your InternetID username and Computer Science and Engineering password.

Phase Three: GID and Group name Alignment

The GID (numerical representation of groups) will be aligned to new groups in Active Directory. Group names will be prefixed with ‘CS-’ during this process to distinguish Computer Science and Engineering groups.

Phase Four: Authentication

The final phase will require Computer Science and Engineering users to sign in using InternetID credentials.

Risks

All files will have the ownership changed to reflect the new identity. There is the possibility that something will be missed. Do not fear, nothing will be deleted.

Account Policies

Accounts that have not been used for over a year will be closed per the departmental policy. Once the unification and alignment project is complete users must have an active UMN InternetID to continue using departmental resources.

Computer Science & Engineering Sponsored Accounts

For a visiting scholar to obtain a university account, a faculty needs to fill out the CS&E Sponsored Account Request form.

Questions? Contact us here:

Please contact us for more information:

csehelp@umn.edu

612-625-0876

www.cseit.umn.edu

Questions already asked:

  1. What will happen to directories used by alumni and external users?
  1. This covers users who will not get a sponsored/annually-renewed account.
  2. Once an account becomes deactivated, the account’s owner will no longer have access to the system. Files will still be owned by them under their old UID, however they will no longer have access.
  3. CSE-IT staff will address files owned by orphaned UIDs as we find them.
  1. For example, when moving project space to new storage, systems staff will run a report to find unused UIDs and GIDs in that space.
  2. We will ask the owner of that space what to do about the files, such as update the user and group to those currently in use.
  1. If project space or a home directory no longer has a clear owner, we will archive the files and remove them from the network shares.
  1. The files will still be available from archival storage if a faculty member requests access in the future.
  1. Since the unification is being rolled out in phases, what happens to UNIX groups and group permissions?
  1. We will create groups ahead of time in UMN AD. This will duplicate the active groups we have in both CS&E UNIX and CS&E Windows.
  1. We are using this opportunity to inventory and clean up groups.
  2. Group managers will be contacted to determine which groups are still needed.
  1. The names of most groups will be prepended with ‘CS-’ to make them unique in UMN AD as a Computer Science and Engineering group.
  2. Additionally, we will be identifying admins for each group. Group admins will be able to adjust group memberships under the new system. Otherwise, they can continue to ask CSE-IT to change their group’s membership.
  3. Existing CS&E UNIX groups will need their GID aligned with their new counterparts in UMN AD.
  1. What about CS&E home directory quotas?
  1. Quotas will remain in place and work the same.
  2. Once we are fully migrated, you will have one universal home directory for both CS&E and CSELabs. You will no longer need to maintain multiple copies of files between the two domains.
  3. For some OIT-hosted storage, quotas are not supported. In those cases, we will be enforcing quotas by internal scripts to monitor usage and send reports to users that are using too much space.
  1. If some directories are missed in the UID/GID update, will I still be able to access those after I'm phased in?
  1. There is a process for looking up and identifying old and invalid UIDs. We will contact the owners of files that need conversion to valid users/groups.
  2. Otherwise, if you find files with inaccessible permissions, let CSE-IT know and we will fix it as soon as possible.
  1. Will my CS&E username/password become obsolete?
  1. This is a somewhat complicated question. In phase 1, we are aligning users that have a CS&E username that matches their University ID.
  1. For example:
  1. CS&E username: mein
  2. CS&E UID: 745
  3. UMN username: mein
  4. UMN UID: 148063
  1. Here we are changing the ‘mein’ CS&E account from UID 745 to UID 148063.
  1. Files owned by 745 in ~mein will be changed to 148063.
  2. Other files with a different owner will not be changed.
  1. Everything else, including passwords, stays the same.
  1. In Phase 2, we are changing users where their CS&E usernames don’t match their University IDs.
  1. For example:
  1. CS&E username: lthomas
  2. CS&E UID: 2600
  3. UMN username: landon
  4. UMN UID: 87064
  1. Here we are changing both the CS&E username and the CS&E UID.
  2. Once the change becomes effective, lthomas and UID 2600 will no longer be used.
  1. Files owned by the 2600 UID in ~lthomas will be changed to 87064.
  2. Other files with a different owner will not be changed.
  3. The user's home directory will be renamed to match the new username, ~lthomas to ~landon.
  1. Passwords will not change at this phase. The user would login to a CS&E workstation with the ‘landon’ username and their current CS&E password.
  1. Note: people that were changed in phase 1 do not need to worry about phase 2.
  2. In Phase 4, CS&E workstations will convert to University authentication.
  1. Everyone will start logging in with their University credentials.
  2. Effectively, everyone’s password will change to their University password.
  1. Will my CS&E email work during my account’s transition phase?
  1. When your account is undergoing alignment, it is best if you’re logged out of all Computer Science & Engineering resources.
  2. Your @cs.umn.edu email will not work during this time as there are multiple key files that will be changing ownership during the transition.
  3. Your mail box on the CS mail server will be set to "retry:4.2.1 Mailbox is being restored". Well-behaved remote mail servers will see that notice and keep trying for a few hours; emails should not bounce.
  4. When your account has aligned, CSE-IT staff will remove custom mailbox setting and your queued @cs.umn.edu mail will start arriving as remote mail servers successfully retry.
  1.  What happens when I have multiple home directories, say a cselabs account and a cs account, how will that be resolved?
  1. In Phase 4 you will be given the choice of moving your cs homedirectory in a subdirectory of your cselabs account, or moving your cselabs account into a subdirectory of your cs account.  Eventually your new homedir path will be /home/(username).
  1. What about old personal web space?
  1. We will still be supporting personal web pages, if your username is changing we can create links to your new web space upon request.
  1. What about email aliases?
  1. We will create an alias from your old account to your new username when we change your username.