Educause Security Discussion mailing list archives

Re: Administrative account access control


From: Anthony Schroeder <aschroeder () GW HAMLINE EDU>
Date: Mon, 26 Jan 2004 09:05:20 -0600

i don't want to start a NOS war, but the answer is don't get rid of the
netware systems.  we have roughly 35 intel servers (netware and active
directory) and about 8 solaris machines, as well as quite a few cisco
switches that are all administered by 3 people.

nds runs the whole thing...we have an automatic import process from our
HR/student record system that creates the accounts as the person is
hired/admitted to school, and disables the account as they leave.
we use netware as our file/print
we have connectors to active directory and NIS that provide account
information to the other systems (including passwords/etc).
we use cisco's access control server that pulls the authentication
information from NDS to allow certain people to log in with different
privileges to the switches - the person logs in as himself, rather than
a generic administrative user

novell is coming out with some web-based self-password administration
mechanism (to handle forgotten passwords, etc).

it all works pretty slick.

anthony.

STEVE () BUMAIL BRADLEY EDU 1/23/2004 1:22:05 PM >>>
We have about 30 servers and large numbers of routers and switches that
are administrated by roughly a dozen people.

Naturally, we want a highly secure environment for administrative access.
All these devices have different, difficult passwords.  It is not
impossible to remember all the passwords.  Also, we want to avoid the
situation where we can't fix a problem because no one is around who
knows a particular password.

I have been looking for solutions to provide secure access to administer
resources, provide a log of access, allow us to grant or restrict access
quickly and easily, etc.

I've been talking to Priva Technologies, but wonder if others have this
same problem and what they have done to address it.  What vendor
solutions are available?

Our environment is CISCO network, and VPN.  We have a Sun1 LDAP system
and also use Active Directory.  We have some Netware, but it is on the
way out.



Thanks for any insights you can provide,

Steve Patrick,

Bradley University




**********
Participation and subscription information for this EDUCAUSE Discussion
Group discussion list can be found at http://www.educause.edu/cg/.
