Re: New student username/password

[Cal Frye <cjf () CALFRYE COM>]

Hatala, Jeffrey wrote:
> Hello All,
>
> All these processes are fine to deliver the username and password but
> what are the underlying systems that make it work?  These are the areas
> we need to hear about. To see if they will fit with our existing
> architecture.  Who's code are you using and is it syncing passwords and
> secondly, usernames with any other systems?  How is it syncing and was
> the underlying code "home grown" or purchased?  Are you willing to share
> you're your code with other educational institutions?

OK. We have SunOne LDAP and Novell eDir directories. We purchased an
IDsentrie appliance from A10 Networks (www.a10networks.com), which
presents the user a web page interface for changing passwords, including
security questions and user-supplied responses. The IDsentrie then
pushes the changed passwords into each directory. Authentication to the
IDsentrie succeeds on a match from either directory, so the following
scenario works for new folks:

Create user. Set password for user in eDir (resources not otherwise
available off campus). Send credentials to new user (we mail them as
part of our "welcome to Oberlin" package). User logs into the IDsentrie,
based on the eDir password. They are prompted to enter their
challenge-response set, and to change their password. The IDsentrie
pokes the new password into both eDir and LDAP, enabling their login
into email, ResEd, et al.

It's taken rather longer to catch up existing users in the
challenge-response system in the IDsentrie, but each forgotten password
since has resulted in a similar process for existing users as described
above.

The IDsentrie has a fairly rich list of directories with which it's
compatible, and they've worked with us in implementation. Hope this helps.

--
Regards,
-- Cal Frye, Network Administrator, Oberlin College

   www.calfrye.com,  www.pitalabs.com

"Memory is where the proof of life is stored. --Norman Cousins.