Presentation transcript:

Copyright © 1999 Clemson University Research Foundation. All rights reserved.

Authentication Server
Idea born in interdepartmental task force
Too many userid/password combinations for each user to remember
Need central set of secure servers that all systems use for authentication
Clemson University Personal ID (CUPID)
Prototyped/tested in late ‘95/spring ‘96
Production on July 1, 1996

Authentication Server (diagram)
Systems connected to the Authentication Server, each through an authC client: Mail, Web, mainframe, UNIX, NetWare, Sun, Windows NT, Oracle †

Architecture (diagram, top to bottom)
Directory Services
Authentication Server Agent
Authentication Server Client
System Integration
AuthServ-Enabled Application / Native Application
User

Architecture Possibilities (diagram, top to bottom)
Directory 1, Directory 2, Directory 3
Authentication Server Agent
Authentication Server Client
System Integration
AuthServ-Enabled Application / Native Application
User

Client Integration - System Level (diagram)
MVS: Applications, AuthClient, RACF SAF, RACF API, IDMS, TSO, DB2, ?
Unix: Applications, AuthClient, /ETC/PASSWD, PAM, Login, FTP, Sys, ?

Client Integration - Application Level (diagram)
NT: AuthClient DLL, CGI, Internet Information Server (IIS)
Unix: AuthClient BIN, POPd

Authentication Server
NetWare Loadable Module (NLM) is multithreaded
Clients use common code base
Clients have built-in failover capability
Communication based on TCP/IP sockets
> 90% of successful password checks complete in less than 0.1 seconds
> 4 million requests serviced by primary server over a 6 week period (100,000/day)

AuthServ Applications

NDS Authentication for Large IBM Systems and Applications

NDS Authentication for Unix

NDS for Authentication POP/IMAP

Firewall Authentication (diagram)
User -> Cisco PIX (AuthClient) -> Intranet / Internet
Livingston Steel-Belted Radius

NDS Web Security via Windows NT/UNIX/???

NDS Authentication through Windows NT/UNIX/??? to the Web
Application: Employee Information System (EIS)
Type: Web
Server OS: Windows NT 4.0 Server
Enabling app: Website/Visual Basic

NDS Security Across the Intranet (diagram)
Authenticated Client -> Server (Netscape or IIS on NT 4.0, 32-bit DLL Auth Client) -> Authentication Server (AUTHAGNT.NLM) -> NDS
Page request
CheckEquiv
Check Security Equivalence
Locate user object and run equivalence list

AuthServ as an NDS Data Gateway
Application: Call tracking system
Type: Web
Server OS: Windows NT 4.0 Server
Enabling app: Website/Visual Basic
(Screenshot: a pick list of user names retrieved from NDS.)

Web Interface to Home Directories via AUTHSERV NDS Gateway
Application: Personal pages
Type: Web
Server OS: Linux
Enabling app: Apache/Caldera

AuthServ Client Functions
Password check
Password change
Resolve to fully distinguished name
Check security equivalence
Return group membership
Get Effective Rights
Others

WebAuth: Web Single Sign-On (diagram)
Workstation: Web Browser 1, Web Browser 2
3rd Party WebServer: WebAuth Client
DCIT Authentication WebServer: WebAuth Trusted Client, Auth Client
AuthAgnt NLM, WebAuth NLM (CHECK, STORE), NDS
Only trusted web servers prompt for userid/password and set a cookie in the browser. Other web servers must use the cookie to determine the user (Redirect).

Caldera OpenLinux and Apache (diagram)
Web gateway to NetWare file system
Browser -> Caldera OpenLinux (AuthC) -> AuthServer; File Servers

Web Interface to Department Pages
Application: Departmental pages
Type: Web
Server OS: Linux
Enabling app: Apache/Caldera

Caldera OpenLinux and Apache
First attempt to provide web services via Novell made use of Novell’s intraNetWare Web Server 1.0, which simply was not reliable
Caldera OpenLinux provided robust UNIX connectivity to NDS and supported the industry-standard Apache web server
Out of the box, Caldera/Apache did not provide home directory redirection and/or authentication
–It did, however, provide the source code needed to make these modifications

Caldera OpenLinux and Apache Mods
Added a module that would link Apache’s user directory directive to the user’s Novell home directory
–Making it point to EMPLOYED/USR02:\USERS\U20\ERICH\PUBLIC.WWW
Since Caldera is NDS aware, this also allows us to serve group web sites via their own group servers

Caldera OpenLinux and Apache Mods
Added another module using the previously mentioned authentication server routines to provide both user and group authentication
–Makes use of standard HTACCESS format with additional Novell directives

Using NDS to Secure Web Pages

    NovellAuth on
    AuthName Novell Tree
    AuthType Basic
    require user gmcochr
    require user kellen
    require group .resadmin.groups.employee.clemsonu
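The slides describe the module as evaluating "require user" and "require group" lines through AuthServ's resolve-to-FDN and check-security-equivalence calls. The following is an added example, not Clemson's module or AuthServ code: a small Python model of that evaluation against a constructed NDS-like tree (the per-letter containers, user objects, the group's member list and Apache's any-require-matches rule are all assumptions made for the example).

```python
from typing import Dict, List, Set, Tuple

# Constructed NDS-like tree in typeless dotted notation (not real Clemson
# data): User objects in per-letter containers plus the group from .htaccess.
TREE: Dict[str, dict] = {
    ".gmcochr.g.employee.clemsonu": {"class": "User"},
    ".kellen.k.employee.clemsonu": {"class": "User"},
    ".erich.e.employee.clemsonu": {"class": "User"},
    ".bob.b.students.clemsonu": {"class": "User"},
    ".resadmin.groups.employee.clemsonu": {
        "class": "Group",
        "member": [".erich.e.employee.clemsonu", ".kellen.k.employee.clemsonu"],
    },
}

def resolve_fdn(userid: str) -> str:
    """'Resolve to fully distinguished name': a userid must map to exactly one User."""
    hits = [dn for dn, obj in TREE.items()
            if obj["class"] == "User" and dn.split(".")[1] == userid]
    if len(hits) != 1:
        raise LookupError(f"userid {userid!r} resolves to {len(hits)} objects")
    return hits[0]

def equivalence_list(user_dn: str) -> Set[str]:
    """'Run equivalence list': the user itself plus every Group listing it as member."""
    equivs = {user_dn}
    for dn, obj in TREE.items():
        if obj["class"] == "Group" and user_dn in obj.get("member", []):
            equivs.add(dn)
    return equivs

def check_equiv(user_dn: str, target_dn: str) -> bool:
    """The CheckEquiv call from the intranet diagram."""
    return target_dn in equivalence_list(user_dn)

def parse_requires(htaccess: str) -> List[Tuple[str, str]]:
    """Keep only 'require user NAME' and 'require group DN' lines."""
    reqs = []
    for line in htaccess.splitlines():
        parts = line.split()
        if len(parts) == 3 and parts[0] == "require" and parts[1] in ("user", "group"):
            reqs.append((parts[1], parts[2]))
    return reqs

def authorize(userid: str, htaccess: str) -> bool:
    """Grant if any require line matches (Apache any-match rule assumed)."""
    user_dn = resolve_fdn(userid)
    for kind, value in parse_requires(htaccess):
        if kind == "user" and value == userid:
            return True
        if kind == "group" and check_equiv(user_dn, value):
            return True
    return False

HTACCESS = """NovellAuth on
AuthName Novell Tree
AuthType Basic
require user gmcochr
require user kellen
require group .resadmin.groups.employee.clemsonu
"""
```

Note that a userid that resolves to zero or several objects is rejected before any require line is consulted, which is the property the Census slides later motivate.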

Diagram (untitled)
User workstation (Windows 95/Windows NT and Mac workstation): Eudora, TN3270, Netscape †, LOGIN.EXE, AuthClient
MAIL (Solaris): POPd, AuthClient
NT Server: Web site, WebApp
OpenLinux: Apache, WebApp
Mainframe (MVS): RACF, AuthClient, Onlines, VTAM
intraNetWare server A, intraNetWare server B, intraNetWare server C: AUTHAGNT.NLM, NDS

Design

Diagram
Administrator: ‘95/’98/NT Workstation running AuthAdmn Win32 App and AuthClient
Manager: NW Server running AuthMgr NLM with Master Census
Agents: NW Server 1, NW Server 2, ... NW Server N, each running AuthRslv NLM and AuthAgnt NLM with a Census copy

Diagram (condensed)
Administrator: ‘95/’98/NT Workstation running AuthAdmn Win32 App and AuthClient
Manager: NW Server running AuthMgr NLM with Master Census
Agents: NW Servers running AuthRslv NLM and AuthAgnt NLM with Census

Census

Classic Tree Design - Organizational (diagram)
Containers: Company, Corp, R&D, Prod, Production, Admin, Sales, Proj1, Proj2, Mkting, Actng, Support
Users: Bob, Emma, Fred, Sally

Classic Tree Design - Geographical (diagram)
Company with regions New York, LA, Europe, Asia; Mkting, Prod and R&D under the regions shown
Users: Bob, Emma, Fred, Sally

Clemson Tree Design (diagram)
ClemsonU: Users, Organizations

CU - Every Person Has a Place (diagram)
ClemsonU: Organizations; Users
Users: Students (A to Z), Employee (A to Z), Misc. (A to Z)

CU - Every Group Has a Place (diagram)
ClemsonU: Users; Organizations
Organizations: Athletics, DCIT, CAFLS, Forestry, Research, Dean's office, CES

Client32 Login

Novell’s Catalog Services
User-locatable database of directory information
Query APIs
The catalog object
Snapin
Dredger
NetWare 5.x
.d.employee.clemsonu

A Tale of Two Bobs (diagram)
Company with regions New York, LA, Europe, Asia; Mkting, Prod and R&D under the regions shown
Users: Bob, Emma, Fred, Sally, and a second Bob

Novell’s Catalog Services - 2 Bobs
bob.mkting.New York.company
bob.prod.LA.company
Duplicate keys require the user to choose his context at login time.

Catalog Services Issues
Catalog Object NDS Synchronization is tricky.
Heterogeneous Systems can be fooled by the catalog.
Heterogeneous Systems cannot handle duplicate Catalog entries.
Only supported in NetWare 5.x
Catalogs can only contain objects in their own NDS tree.

Census - Unique Catalog Services
Catalog Services with Rules.
Provide for true Universal IDs.
Trawls specified sections of Tree.
Periodic and On-Demand Trawls.
Can Use a Catalog as Input.
Not an NDS object.
Supports Multiple Trees.
Collisions are resolved once.
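The "2 Bobs" slide and the Census slide above describe the problem (two objects with the same leaf name produce a duplicate key) and the remedy (trawl only specified sections of one or more trees, resolve each collision once, report it). The following is an added example, not Clemson's Census code: a Python model of such a trawl over constructed tree data. The keep-first-occurrence rule and the exception report format are assumptions for the example.

```python
from typing import Dict, List, Tuple

def leaf(dn: str) -> str:
    """Leaf name of a typeless dotted DN: 'bob.prod.LA.company' -> 'bob'."""
    return dn.split(".")[0].lower()

def in_scope(dn: str, trawl_roots: List[str]) -> bool:
    """Census trawls only the specified sections (subtrees) of a tree."""
    return any(dn == r or dn.endswith("." + r) for r in trawl_roots)

def census(trees: Dict[str, List[str]],
           trawl_roots: List[str]) -> Tuple[Dict[str, str], List[str]]:
    """Build a flat catalog keyed by unique leaf name across several trees.

    Returns (catalog, exceptions). catalog maps key -> 'tree:dn'. A key seen
    again for a different object keeps its first occurrence (assumed rule) and
    every later occurrence is written once to the exception report, so the
    catalog never hands a heterogeneous client an ambiguous entry.
    """
    catalog: Dict[str, str] = {}
    exceptions: List[str] = []
    for tree, dns in trees.items():
        for dn in dns:
            if not in_scope(dn, trawl_roots):
                continue
            key = leaf(dn)
            entry = f"{tree}:{dn}"
            if key in catalog and catalog[key] != entry:
                exceptions.append(
                    f"duplicate key {key!r}: {entry} collides with {catalog[key]}")
            else:
                catalog.setdefault(key, entry)
    return catalog, exceptions

# Constructed data (not real directory contents): the geographical tree from
# the "Two Bobs" slide, plus a second tree to show multi-tree support.
TREES = {
    "company": [
        "bob.mkting.New York.company",
        "emma.prod.New York.company",
        "fred.R&D.LA.company",
        "sally.mkting.LA.company",
        "bob.prod.LA.company",
    ],
    "partner": ["emma.sales.partner", "kim.sales.partner"],
}

if __name__ == "__main__":
    catalog, report = census(TREES, ["New York.company", "LA.company", "partner"])
    for line in report:
        print("EXCEPTION:", line)
```

Narrowing the trawl to one section (for instance only "LA.company") yields a collision-free catalog, which is how scoping the trawl substitutes for asking the user to pick a context at login.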

Census Definitions
Supported Objects: Org Unit, Group (member), Org Role (occupant), User, Catalog
Operations: Recurse, Expand

Big Picture (diagram)
Components: Agent, Resolver, Census, New Census, Manager, Census Administrator, Client, Auth Config, Exception Report, NDS
Legend: Data Flow, Command Flow

Exceptions

User Bases (diagram)
UB=ALL, UB=FACULTY, UB=STAFF
Agent serving user bases: FACULTY, STAFF, ALL, FACULTY

Mass User Management (diagram)
HR -> MUM -> Directory Services, UserBases

Requirements

AuthAdmin Requirements
Windows ‘95/’98/NT Workstation
64 MB RAM
Client32

Manager Server Requirements
NetWare 4.11/5.x
P-100 or higher (recommended)
1 MB RAM/2000 census users (free cache buffers)
1 MB Disk/10,000 census users
No local replicas required.

Agent Server Requirements
NetWare 4.11/5.x
P-166 or higher (process concurrent requests with no local replicas)
1 MB RAM/2000 census users (free cache buffers)
1 MB Disk/10,000 census users
No local replicas required.
TCP/IP configured.

Benefits

Benefits
Improved computing usability.
Uniform authentication security.
Uniform application security across systems is now a possibility.
Uniform password rules.
Easy to deploy new systems.
Password resets are almost non-existent.

More Benefits
Improved Security on some systems
Consistency across systems and applications.
Stronger Passwords are used on all systems.
Allow you to leverage the strengths of heterogeneous systems without sacrificing usability and security.

Clients Supported - 3/17/99
MVS RACF Version 1.9 and later
Solaris Version 2.6 and later
HP/UX Version 11.0 and later
Red Hat Linux Version 4.2 and later
Windows NT Version 4.0 and later
Windows 95 B and Windows 98

Clients
MVS - RACF
MVS - ACF2
Solaris
HP/UX
Linux
Windows NT
Windows ‘95/’98
IRIX
AIX
PeopleSoft
POPd
Livingston Radius
PIX
BSD
Apache
Open Linux
Miscellaneous Applications

Comparing NDS for Solaris
IPX only environment supported
Pure NW 4.x environment supported
Non-intrusive install into Solaris
No NDS object assignments required
No [Public] NDS rights assignments
API available to Solaris apps
Inexpensive
Site license
Multiple tree support is possible

Comparing NDS for Solaris
Ensures that there are no duplicate user names across the entire NDS tree.
No user migration is required.
Does not require unique UNIX uids across the entire system.
Supports multiple user UIDs across heterogeneous UNIX systems.
Not a large leap.