
Presented by: Mark Hendricks


Presentation Transcript


  1. Presented by: Mark Hendricks mark.hendricks@humboldt.edu

  2. HUMBOLDT: Background
     • Mix of centralized and de-centralized IT support
     • 10,000 active Student/Staff/Faculty
     • 25,000 user entries in LDAP
     • Small technical implementation team
     • Committed to open source solutions when available

  3. IMI Authentication Technical Team
     • Bill Cannon – Director: Information Technology/ISO
     • Nick DeRuyter – Manager: University Computing Services
     System Administrators
     • Mark Hendricks
     • Josh Callahan
     DBA
     • Peter Johnson
     Analyst Programmers
     • Michael Bradley
     • Jason Hardin
     Help Desk
     • Melinda Christensen
     Contact: Mark Hendricks – mark.hendricks@humboldt.edu

  4. IMI Authentication Priorities
     Security!!
     • Uniform password strength and policy enforcement
     • Reduce password/secret exposure and vulnerability
     • Improve logging
     User Experience
     • Reduce logins/single sign-on
     • Unify account information (NetID/Password)
     • Single location for password management
     Administration
     • Enforcement of policies for access to campus resources & confidential data
     • Audit compliance
     • Improve user administration efficiency (IT Systems & Services)

  5. Design Goals
     • Open source
     • Create AuthN/AuthZ capable of supporting all applications
     • Minimize complexity
     • Minimize auth sources
     • Want IMI infrastructure that will support centralized and decentralized management

  6. Initial IMI Auth Infrastructure

  7. Password Management/Synchronization

  8. Active Directory: Why AD?
     • Windows desktop majority
     • Distributed Windows desktop management using centralized authentication and dynamic groups
     • Supports AuthN/AuthZ for most major operating systems “out of the box”

  9. Desktop AuthN AuthZ Support

  10. Active Directory
     • Windows desktop majority
     • Distributed Windows desktop management using centralized authentication and dynamic groups
     • Supports AuthN/AuthZ for most major operating systems “out of the box”
        • Windows XP/2000
        • Mac OS X
        • Unix (Tru64)
        • Linux
        • Samba
     • Minimal schema extensions required
     • Based on LDAP and Kerberos
     • Kerberos prepares for Single Sign-On

  11. Kerberos
     • MIT vs. Microsoft
     • Benefits
        • Single Sign-on - Ticket Passing
        • Non-proprietary
        • Unified and secure password repository
        • Passwords outside Windows AD
        • Reduces password/secret exposure
        • Unified logging
        • Easy setup/Robust
     • Problems
        • Difficult to obtain functional documentation/support
        • Learning curve for users & technical team
        • Not supported by all applications
        • Problems with OS integration

  12. Where Are We Now?
     Progress
     • Password Interface
     • Password Synchronization
     • Group Interface
     • LDAP/AD/Kerberos Desktop Auth
     • Email route/alias
     • Library AuthN, AuthZ
     • Wireless Auth
     • Misc. Apache Auth
     Future
     • Portal
     • Guest Accounts
     • Meta-Directory
     • LDAP Standard Library
     • Student (Central) Shares
     • Kiosk
     • Open Directory (Apple)
     • Email

  13. CSU Support/Collaboration
     • CSU / eduPerson / group schema - courses
     • Functional working groups / conference - Vendors
     • CSU web page/list for directory/authentication collaboration
     • CSU Grants for code and documentation development
     • CSU Certificate Authority or contract with public CA
