From: The EDUCAUSE CIO Constituent Group Listserv on behalf of David Todd
Sent: Mon 8/23/2004 12:09 PM
To: [log in to unmask]
Subject: [CIO] <PLAuth> Public Lab Authentication Survey
The University of San Diego does not currently require logins on the
Windows and Macintosh personal computers in its public labs, and we are
preparing to do so. As we begin, we believe it might be helpful to know
if this is a common direction others have taken and, if so, the
approaches they've used.
Please take just a couple of minutes to respond to the following
survey. We'll summarize back to the list unless you ask us not to
include your responses in our summary, which will include both replies
to the list and replies to me directly.
1) Do you require authentication on your public workstations (excluding
library workstations here)? If so, what system do you use
We leverage Microsoft Active Directory to provide a single database capable of LDAP, Kerberos, NTLM, NTLMv2, Digital Certificates and RADIUS (via MS-IAS)
2) Do you just authenticate or are you using a system to provide
access to file storage and other resources? What system?
This database via its multiple authentication mechanism provides workstation security controls on our Windows and Mac workstations, Kerberos on our CS departments AFS server, access to our Windows file and print services, and via MS-IAS RADIUS allows our Enterasys Secure Networks Systems to authenticate VPN, Wireless and Wired Network Ports
3) If you just authenticate, do you use a central LDAP or similar
4) Do the public workstations in your libraries require authentication?
If so, and if the system differs from the one in your other public
labs, what system do you use in the libraries?
Most workstations require authentication at the workstation, and/or at the network port level as well. Our library kiosk workstations and other campus Kiosks do not require login at the workstation but are restricted via Secure Networks Policy.
5) Comments, suggestions, advice, etc:
Flexibility, and ease of management. We had multiple sources needing authentication (Windows, Mac, Linux, etc) and some we didn't plan on in 1999 (Enterasys Secure Networks hardware) that were not easy to satisfy under a single credentials database. Active Directory provided one of the most flexible and manageable solutions. Our implementation begain at Beta3 and has continued through our plans to implement AD2003.
6) Institution: _Hobart and William Smith Colleges
7) Exclude from public summary? no
Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/cg/.