This document outlines the IT support structure and authentication strategy at Humboldt University, designed to enhance user experience and security. With 10,000 active students, staff, and faculty, our goal is to unify account management through effective password policies and open-source solutions. We prioritize security, aiming to reduce vulnerabilities and improve single sign-on capabilities. Our dedicated technical team collaborates to implement a robust infrastructure supporting centralized and decentralized IT needs, ensuring compliance and efficient user administration across various platforms.
Presented by: Mark Hendricks mark.hendricks@humboldt.edu
HUMBOLDT
Background
• Mix of centralized and de-centralized IT support
• 10,000 active Student/Staff/Faculty
• 25,000 user entries in LDAP
• Small technical implementation team
• Committed to open source solutions when available
IMI Authentication Technical Team
• Bill Cannon – Director: Information Technology/ISO
• Nick DeRuyter – Manager: University Computing Services
• System Administrators
  • Mark Hendricks
  • Josh Callahan
• DBA
  • Peter Johnson
• Analyst Programmers
  • Michael Bradley
  • Jason Hardin
• Help Desk
  • Melinda Christensen
Contact: Mark Hendricks – mark.hendricks@humboldt.edu
IMI Authentication Priorities
Security!!
• Uniform password strength and policy enforcement
• Reduce password/secret exposure and vulnerability
• Improve logging
User Experience
• Reduce logins / single sign-on
• Unify account information (NetID/Password)
• Single location for password management
Administration
• Enforcement of policies for access to campus resources & confidential data
• Audit compliance
• Improve user administration efficiency (IT Systems & Services)
Design Goals
• Open source
• Create AuthN/AuthZ capable of supporting all applications
• Minimize complexity
• Minimize auth sources
• Want IMI infrastructure that will support centralized and decentralized management
Active Directory: Why AD?
• Windows desktop majority
• Distributed Windows desktop management using centralized authentication and dynamic groups
• Supports AuthN/AuthZ for most major operating systems “out of the box”
  • Windows XP/2000
  • Mac OS X
  • Unix (Tru64)
  • Linux
  • Samba
• Minimal schema extensions required
• Based on LDAP and Kerberos
• Kerberos prepares for Single Sign-On
Kerberos
• MIT vs. Microsoft
Benefits
• Single Sign-on – ticket passing
• Non-proprietary
• Unified and secure password repository
• Passwords outside Windows AD
• Reduces password/secret exposure
• Unified logging
• Easy set up / robust
Problems
• Difficult to obtain functional documentation/support
• Learning curve for users & technical team
• Not supported by all applications
• Problems with OS integration
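Two of the Kerberos benefits on this slide, "reduces password/secret exposure" and "single sign-on – ticket passing", are easier to see in a worked exchange than in a bullet. The script below is an added illustration written for this page; it is not code from the Humboldt team nor from MIT or Microsoft Kerberos. It models the AS exchange (password never sent; the KDC's reply is only openable with the password-derived key), the TGS exchange (a TGT plus authenticator replaces the password for every further service), and the application server's check of a service ticket. The principal names, passwords, the PBKDF2 string-to-key, the HMAC-based sealing and the 8-hour TGT lifetime are all constructed stand-ins for the real Kerberos encryption types and message formats.

```python
# Added illustration of a Kerberos-style exchange (not real Kerberos, not Humboldt's code).
# Crypto is a stdlib stand-in: PBKDF2 for string-to-key, HMAC-SHA256 keystream + HMAC tag
# in place of the real encryption types. Principal names and passwords are constructed.
import hashlib, hmac, json, os, time

def password_key(principal, password):
    # String-to-key: the KDC stores this derived key, never the password itself.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), principal.encode(), 10_000)

def _keystream(key, nonce, n):
    out, counter = b"", 0
    while len(out) < n:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:n]

def seal(key, obj):
    # Encrypt-then-MAC a small JSON message under `key`.
    plain = json.dumps(obj).encode()
    nonce = os.urandom(16)
    body = bytes(a ^ b for a, b in zip(plain, _keystream(key, nonce, len(plain))))
    return nonce + body + hmac.new(key, nonce + body, hashlib.sha256).digest()

def open_sealed(key, blob):
    # Returns the message, or None when the key is wrong or the blob was altered.
    nonce, body, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(hmac.new(key, nonce + body, hashlib.sha256).digest(), tag):
        return None
    return json.loads(bytes(a ^ b for a, b in zip(body, _keystream(key, nonce, len(body)))))

class KDC:
    # Holds one password-derived key per user or service principal.
    def __init__(self, principals):
        self.keys = {p: password_key(p, pw) for p, pw in principals.items()}
        self.tgs_key = os.urandom(32)  # krbtgt key, known only to the KDC

    def as_exchange(self, principal):
        # AS-REQ/AS-REP: the client sends nothing secret; the reply can only be opened
        # with the user's password-derived key, which is how the password gets verified.
        if principal not in self.keys:
            return None
        session = os.urandom(32).hex()
        tgt = seal(self.tgs_key, {"client": principal, "session": session,
                                  "expires": time.time() + 8 * 3600})
        return {"tgt": tgt.hex(), "enc_part": seal(self.keys[principal], {"session": session}).hex()}

    def tgs_exchange(self, tgt_hex, authenticator_hex, service):
        # TGS-REQ: the TGT plus an authenticator under the TGT session key proves the
        # client holds that session key, so no password is needed again (single sign-on).
        tgt = open_sealed(self.tgs_key, bytes.fromhex(tgt_hex))
        if tgt is None or tgt["expires"] < time.time() or service not in self.keys:
            return None
        session = bytes.fromhex(tgt["session"])
        auth = open_sealed(session, bytes.fromhex(authenticator_hex))
        if auth is None or auth["client"] != tgt["client"]:
            return None
        svc_session = os.urandom(32).hex()
        ticket = seal(self.keys[service], {"client": tgt["client"], "session": svc_session})
        return {"ticket": ticket.hex(), "enc_part": seal(session, {"session": svc_session}).hex()}

def client_login(kdc, principal, password):
    # Returns (tgt_hex, session_key) or None; a wrong password cannot open enc_part.
    rep = kdc.as_exchange(principal)
    enc = rep and open_sealed(password_key(principal, password), bytes.fromhex(rep["enc_part"]))
    return None if not enc else (rep["tgt"], bytes.fromhex(enc["session"]))

def client_service_ticket(kdc, tgt_hex, session, principal, service):
    # Ticket passing: present the TGT, receive a ticket for `service`, no password involved.
    auth = seal(session, {"client": principal, "ts": time.time()})
    rep = kdc.tgs_exchange(tgt_hex, auth.hex(), service)
    enc = rep and open_sealed(session, bytes.fromhex(rep["enc_part"]))
    return None if not enc else (rep["ticket"], bytes.fromhex(enc["session"]))

def service_accept(service_key, ticket_hex, authenticator_hex):
    # The application server checks the ticket with its own key; it never contacts the KDC.
    ticket = open_sealed(service_key, bytes.fromhex(ticket_hex))
    if ticket is None:
        return None
    auth = open_sealed(bytes.fromhex(ticket["session"]), bytes.fromhex(authenticator_hex))
    return ticket["client"] if auth and auth["client"] == ticket["client"] else None

def demo():
    # Constructed principals: one user, one web service (names are illustrative only).
    user, svc = "alice@EXAMPLE.EDU", "HTTP/www.example.edu"
    kdc = KDC({user: "correct horse battery", svc: "service-keytab-secret"})
    svc_key = password_key(svc, "service-keytab-secret")
    out = {"wrong_password_rejected": client_login(kdc, user, "guess") is None}
    tgt, session = client_login(kdc, user, "correct horse battery")
    ticket, svc_session = client_service_ticket(kdc, tgt, session, user, svc)
    auth = seal(svc_session, {"client": user, "ts": time.time()}).hex()
    out["accepted_as"] = service_accept(svc_key, ticket, auth)
    raw = bytes.fromhex(ticket)
    forged = (raw[:-1] + bytes([raw[-1] ^ 1])).hex()  # flip one bit of the ticket's tag
    out["forged_ticket_rejected"] = service_accept(svc_key, forged, auth) is None
    return out

if __name__ == "__main__":
    print(demo())
```

The point to take from `demo()`: the KDC holds only derived keys, the password itself is never transmitted and is verified purely by whether the client can open the AS reply, and once the TGT is held every further service ticket is obtained without the password at all. Real deployments add what this toy omits: realms, clock-skew checks on authenticators, replay caches, key version numbers and the standard encryption types.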
Where Are We Now?
Progress
• Password Interface
• Password Synchronization
• Group Interface
• LDAP/AD/Kerberos Desktop Auth
• Email route/alias
• Library AuthN, AuthZ
• Wireless Auth
• Misc. Apache Auth
Future
• Portal
• Guest Accounts
• Meta-Directory
• LDAP Standard Library
• Student (Central) Shares
• Kiosk
• Open Directory (Apple)
• Email
CSU Support/Collaboration
• CSU / eduPerson / group schema - courses
• Functional working groups / conference - vendors
• CSU web page/list for directory/authentication collaboration
• CSU grants for code and documentation development
• CSU Certificate Authority or contract with public CA