1

Access Control and the student career

Mark Norman,Systems Development and

Support Team, OUCS

2

Sysdev @ OUCS

• What do we do?

• Apart from authentication/authorisation services…• Email (Herald)

• Mailing lists system administration

• Web hosting sysadmin

• Linux shell service

• Version control (support for web sites and coding projects)

• Software mirror downloads

• News services

• Virtual learning environment (VLE – Weblearn) sysadmin

• Wikis sysadmin (for OUCS)

• Alumni e-mail forwarding service sysadmin

• Lots of dull back-end stuff for resilience and backup etc.

3

Students and access control

• How many usernames and passwords do students need?

• Student Information Systems – self service

• Email

• Webmail

• College services

• Departmental services

• Athens (for external library resources)

• Desktop management systems

• HFS Backup password (graduates)

• Help centre username/password

• Weblearn

• Library resources/OXAM (VPN for)

• Personal web space

• Accounts for downloading software (e.g. Sophos, VPN clients)

• And Facebook, itunes, myspace etc. etc….

4

Kerberos is the answer

• (Yes, the 3 headed dog!)• Kerberos (and Webauth) has meant that the following all

work from one username/password pair

• Student Information Systems – self service

• Email

• Webmail

• College services

• Departmental services

• Athens (for external library resources)

• Desktop management systems

• HFS Backup password (graduates)

• Help centre username/password

• Weblearn

• Library resources/OXAM (VPN for)

• Personal web space

• Accounts for downloading software (e.g. Sophos, VPN clients)

• And Facebook, itunes, myspace etc. etc….

5

Kerberos is the answer

○ Not the complete answer (still need some other accounts)

• Student Information Systems – self service

• Email

• Webmail

• College services

• Departmental services

• Athens (for external library resources)

• Desktop management systems

• HFS Backup password (graduates)

• Help centre username/password

• Weblearn

• Library resources/OXAM (VPN for)

• Personal web space

• Accounts for downloading software (e.g. Sophos, VPN clients)

• And Facebook, itunes, myspace etc. etc….

◦ The following are all managed using the SSO system

◦ Password management is done via Webauth

6

Kerberos is the answer

○ Athens is being superseded by Shibboleth (uses Kerberos/Webauth)

• Student Information Systems – self service

• Email

• Webmail

• College services

• Departmental services

• Athens (for external library resources)

• Desktop management systems

• HFS Backup password (graduates)

• Help centre username/password

• Weblearn

• Library resources/OXAM (VPN for)

• Personal web space

• Accounts for downloading software (e.g. Sophos, VPN clients)

• And Facebook, itunes, myspace etc. etc….

• Student Information Systems – self service

• Email

• Webmail

• College services

• Departmental services

• Athens (for external library resources)

• Desktop management systems

7

• Student Information Systems – self service

• Email

• Webmail

• College services

• Departmental services

• Athens (for external library resources)

• Desktop management systems

Kerberos is the answer

○ A lot more web based services are now using Webauth

• HFS Backup password (graduates)

• Help centre username/password

• Weblearn

• Library resources/OXAM (VPN for)

• Personal web space

• Accounts for downloading software (e.g. Sophos, VPN clients)

• And Facebook, itunes, myspace etc. etc….

8

• Student Information Systems – self service

• Email

• Webmail

• College services

• Departmental services

• Athens (for external library resources)

• Desktop management systems

Kerberos is the answer

○ Some desktop systems can use kerberos cross-realm trust (e.g. Active Directory)

• HFS Backup password (graduates)

• Help centre username/password

• Weblearn

• Library resources/OXAM (VPN for)

• Personal web space

• Accounts for downloading software (e.g. Sophos, VPN clients)

• And Facebook, itunes, myspace etc. etc….

9

• Student Information Systems – self service

• Email

• Webmail

• College services

• Departmental services

• Athens (for external library resources)

• Desktop management systems

Kerberos is the answer

○ And we have high hopes for Oracle too!

• HFS Backup password (graduates)

• Help centre username/password

• Weblearn

• Library resources/OXAM (VPN for)

• Personal web space

• Accounts for downloading software (e.g. Sophos, VPN clients)

• And Facebook, itunes, myspace etc. etc….