1) Do you require authentication on your public workstations
library workstations here)? If so, what system do you use
Yes. We authenticate access to all of our student technology center
computers to our central Kerberos servers.
2) Do you just authenticate or are you using a system to provide
access to file storage and other resources? What system?
Students don't get space on the individual lab computers (at least, not
long term space). We provide a separate service (Common File System)
whereon any IU account holder can be assigned space. CFS passwords are
also validated against Kerberos.
3) If you just authenticate, do you use a central LDAP or similar
We're pointing everything to Kerberos. We are working to eliminate NTLM
and other authentication methods that require maintenance of a separate
4) Do the public workstations in your libraries require
If so, and if the system differs from the one in your other
labs, what system do you use in the libraries?
Yes. There are three levels of credentials: 1) "patron" is (I believe)
a local library domain account, and allows access to specific resources
and services. Anyone can enter the library and use this account. 2)
"researcher" accounts are local domain accounts given to non-IU persons
who need access to all library resources and services for a longer
period. One must register themselves with the circulation desk in order
to get one of these accounts, and they can have them for longer periods
(months). And, of course, standard campus accounts can be used to get
unrestricted access in the library, and those point to Kerberos.
5) Comments, suggestions, advice, etc:
6) Institution: Indiana University (these answers are for IUB and
7) Exclude from public summary? No.
Mark S. Bruhn, CISSP, CISM
Chief IT Security and Policy Officer
Associate Director, Center for Applied Cybersecurity Research
Office of the Vice President for Information Technology and CIO
Incidents involving IU IT resources: [log in to unmask]
Complaints/kudos about OVPIT/UITS services: [log in to unmask]
Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/cg/.