Educause Security Discussion mailing list archives
Re: New student username/password
From: Cal Frye <cjf () CALFRYE COM>
Date: Thu, 10 Apr 2008 12:07:26 -0400
Hatala, Jeffrey wrote:
Hello All, All these processes are fine to deliver the username and password but what are the underlying systems that make it work? These are the areas we need to hear about. To see if they will fit with our existing architecture. Who's code are you using and is it syncing passwords and secondly, usernames with any other systems? How is it syncing and was the underlying code "home grown" or purchased? Are you willing to share you're your code with other educational institutions?
OK. We have SunOne LDAP and Novell eDir directories. We purchased an IDsentrie appliance from A10 Networks (www.a10networks.com), which presents the user a web page interface for changing passwords, including security questions and user-supplied responses. The IDsentrie then pushes the changed passwords into each directory. Authentication to the IDsentrie succeeds on a match from either directory, so the following scenario works for new folks: Create user. Set password for user in eDir (resources not otherwise available off campus). Send credentials to new user (we mail them as part of our "welcome to Oberlin" package). User logs into the IDsentrie, based on the eDir password. They are prompted to enter their challenge-response set, and to change their password. The IDsentrie pokes the new password into both eDir and LDAP, enabling their login into email, ResEd, et al. It's taken rather longer to catch up existing users in the challenge-response system in the IDsentrie, but each forgotten password since has resulted in a similar process for existing users as described above. The IDsentrie has a fairly rich list of directories with which it's compatible, and they've worked with us in implementation. Hope this helps. -- Regards, -- Cal Frye, Network Administrator, Oberlin College www.calfrye.com, www.pitalabs.com "Memory is where the proof of life is stored. --Norman Cousins.
Current thread:
- New student username/password Aaron Cayard-Roberts (Apr 09)
- <Possible follow-ups>
- Re: New student username/password Jenkins, Matthew (Apr 09)
- Re: New student username/password Curt Wilson (Apr 09)
- Re: New student username/password Stephen John Smoogen (Apr 09)
- Re: New student username/password Kenneth Arnold (Apr 09)
- Re: New student username/password Greg Francis (Apr 09)
- Re: New student username/password HALL, NATHANIEL D. (Apr 09)
- Re: New student username/password Mark Borrie (Apr 09)
- Re: New student username/password Cal Frye (Apr 09)
- Re: New student username/password Hatala, Jeffrey (Apr 10)
- Re: New student username/password Cal Frye (Apr 10)
- Re: New student username/password Todd Dergenski (Apr 10)