Educause Security Discussion mailing list archives
Re: Authentication in LDAP
From: Jim Bollinger <JBollinger () WLU EDU>
Date: Wed, 24 Aug 2005 10:45:12 -0400
Security considerations aside, we have found that there are cases where (although an ID is fine with LDAP) the systems linked to it can't handle it. For instance, if one of your dependent systems can only handle 8 character usernames and you try to login as geoffnathan, it probably won't work. We've also run into this with how systems interpret certain characters versus how LDAP interprets them. Jim Bollinger Systems and Network Engineer Washington and Lee University Lexington, VA 24450 540-458-8743
geoffnathan () WAYNE EDU 08/24/05 10:32 AM >>>
Apologies if this is a trivial question, but I've been banging my head against this issue and am unable to settle it in my mind. Here at Wayne State all users are issued a unique AccessID, an arbitrary alphanumeric code of the form XX1234. Whenever they access their e-mail, log in to our Portal or to Blackboard (or any of several other services) they enter their access ID and a password. Authentication is handled centrally by an LDAP appliance. Through the webmail client we supply users have the option of choosing an alias that is personalized (mine, for example, is at the bottom of this message). Recently the administrator of the LDAP machine enabled alternate logins (on everything) using the personalized ID instead of the 'license plate'-style ID. This was done without discussion of possible policy issues, and I've been wracking my brains trying to think of any security problems that this change raises. I can't think of any, but I thought I'd ask this group if there is any reason people should not be able to authenticate either as an6993 or as geoffnathan Thanks in advance for any suggestions. Geoff Nathan Geoffrey S. Nathan <geoffnathan () wayne edu> Security Policy Coordinator, Computing and Information Technology, and Associate Professor of English Linguistics Program Phone Numbers Department of English Computing and Information Technology: (313) 577-1259 Wayne State University Linguistics (English): (313) 577-8621 Detroit, MI, 48202 C&IT Fax: (313) 577-1338
Current thread:
- Authentication in LDAP Geoff Nathan (Aug 24)
- <Possible follow-ups>
- Re: Authentication in LDAP Jim Bollinger (Aug 24)
- Re: Authentication in LDAP Scholz, Greg (Aug 24)
- Re: Authentication in LDAP James H Moore (Sep 12)