Re: New student username/password

[Todd Dergenski <tdergens () ODU EDU>]

Hello All,
    At Old Dominion, we use a homegrown system called MIDAS.  Technology
wise, its a Java/JSP website backended with Oracle.  Java/PL/SQL
connectors do the actual work of creating/syncing accounts with various
services.
    The end user process is fairly simple. Once a person record is made
for an individual, they are eligible for a MIDAS account.  Once they
create the account, going through delivered training and AUP, their role
with the university is checked and all "eligible" service accounts are
created.
    For the most part, MIDAS writes passwords/accounts to v3 LDAPs, but
we do have connectors for AD, Netware and Oracle Databases.

Todd Dergenski
Senior Security Administrator
Old Dominion University
757-683-4301
tdergens () odu edu


On Thu, 2008-04-10 at 10:50 -0400, Hatala, Jeffrey wrote:
> Hello All,
>
> All these processes are fine to deliver the username and password but
> what are the underlying systems that make it work?  These are the areas
> we need to hear about. To see if they will fit with our existing
> architecture.  Who's code are you using and is it syncing passwords and
> secondly, usernames with any other systems?  How is it syncing and was
> the underlying code "home grown" or purchased?  Are you willing to share
> you're your code with other educational institutions?
>
> Thank you all for your time and talents.  This Educause Security is one
> of the best listserv out there.  It just too bad the Internet is
> becoming corrupt.
>
> Make it a great day!
> Jeff
> (soon to be: CISSP)
>
>
> -----Original Message-----
> From: The EDUCAUSE Security Constituent Group Listserv
> [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Cal Frye
> Sent: Wednesday, April 09, 2008 10:48 PM
> To: SECURITY () LISTSERV EDUCAUSE EDU
> Subject: Re: [SECURITY] New student username/password
>
> Aaron Cayard-Roberts wrote:
> > Hello,
> >
> > For years we've had students wait until they are on campus and have
> > attended a tech session before we give them their username and
> password.
> >  We've been under a lot of pressure to change this so that the
> students
> > will be able to access campus services over the summer which require a
>
> > username and password.
> >
> > I'm wondering how other institutions are handling this situation in a
> > secure way.
>
> Hi, Aaron,
> 'Cause we're Oberlin, and we won't have one directory where we can have
> two ;-) it works out pretty well. We create the accounts for new
> firstyears in late spring, and send them, as part of the Big Book o'
> Forms, instructions on how to access our self-service password utility.
> the password we send them is for one directory and is not useful off
> campus but will enable them to enter their password recovery Q&A and
> change their password to a "real" one, which then enables email and web
> access to campus systems, like the room-selection site ResEd wants them
> to use over the summer.
>
> Hope this helps, ping me for more details if you like.