copyright © 1999 clemson university research foundation. all rights reserved. authentication server...
TRANSCRIPT
![Page 1: Copyright © 1999 Clemson University Research Foundation. All rights reserved. Authentication Server Idea born in interdepartmental task force Too many](https://reader036.vdocument.in/reader036/viewer/2022062407/56649e435503460f94b37232/html5/thumbnails/1.jpg)
Copyright © 1999 Clemson University Research Foundation. All rights reserved.
Authentication ServerAuthentication Server
Idea born in interdepartmental task force Too many userid/password combinations
for each user to rememberNeed central set of secure servers that all
systems use for authenticationClemson University Personal ID (CUPID)Prototyped/tested in late ‘95/spring ‘96Production on July 1, 1996
![Page 2: Copyright © 1999 Clemson University Research Foundation. All rights reserved. Authentication Server Idea born in interdepartmental task force Too many](https://reader036.vdocument.in/reader036/viewer/2022062407/56649e435503460f94b37232/html5/thumbnails/2.jpg)
Copyright © 1999 Clemson University Research Foundation. All rights reserved.
Authentication ServerAuthentication Server
Mail authC
Web authC
mainframe authC
UNIX authC
NetWare authC
Sun authC
Windows NT authCOracle† authC
![Page 3: Copyright © 1999 Clemson University Research Foundation. All rights reserved. Authentication Server Idea born in interdepartmental task force Too many](https://reader036.vdocument.in/reader036/viewer/2022062407/56649e435503460f94b37232/html5/thumbnails/3.jpg)
Copyright © 1999 Clemson University Research Foundation. All rights reserved.
ArchitectureArchitecture
Directory Services
Authentication Server Agent
Authentication Server Client
System Integration
AuthServ-EnabledApplication
Native Application
User
![Page 4: Copyright © 1999 Clemson University Research Foundation. All rights reserved. Authentication Server Idea born in interdepartmental task force Too many](https://reader036.vdocument.in/reader036/viewer/2022062407/56649e435503460f94b37232/html5/thumbnails/4.jpg)
Copyright © 1999 Clemson University Research Foundation. All rights reserved.
Architecture PossibilitiesArchitecture Possibilities
Directory 1
Authentication Server Agent
Authentication Server Client
System Integration
AuthServ-EnabledApplication
Native Application
User
Directory 2 Directory 3
![Page 5: Copyright © 1999 Clemson University Research Foundation. All rights reserved. Authentication Server Idea born in interdepartmental task force Too many](https://reader036.vdocument.in/reader036/viewer/2022062407/56649e435503460f94b37232/html5/thumbnails/5.jpg)
Copyright © 1999 Clemson University Research Foundation. All rights reserved.
Client Integration - System LevelClient Integration - System Level
Applications
AuthClient
RACF
SAFRACF API
IDMSTSODB2?
Applications
AuthClient
/ETC/PASSWD
PAM
LoginFTPSys?
MVS Unix
![Page 6: Copyright © 1999 Clemson University Research Foundation. All rights reserved. Authentication Server Idea born in interdepartmental task force Too many](https://reader036.vdocument.in/reader036/viewer/2022062407/56649e435503460f94b37232/html5/thumbnails/6.jpg)
Copyright © 1999 Clemson University Research Foundation. All rights reserved.
Client Integration - Application Client Integration - Application LevelLevel
NT
AuthClient DLL
CGI
Internet InformationServer (IIS)
Unix
AuthClient BIN
POPd
![Page 7: Copyright © 1999 Clemson University Research Foundation. All rights reserved. Authentication Server Idea born in interdepartmental task force Too many](https://reader036.vdocument.in/reader036/viewer/2022062407/56649e435503460f94b37232/html5/thumbnails/7.jpg)
Copyright © 1999 Clemson University Research Foundation. All rights reserved.
Authentication ServerAuthentication Server
NetWare Loadable Module (NLM) is multithreaded
Clients use common code base Clients have built-in failover capability Communication based on TCP/IP sockets > 90% successful password checks
complete in less than 0.1 seconds > 4 million requests serviced by primary
server over a 6 week period (100,000/day)
![Page 8: Copyright © 1999 Clemson University Research Foundation. All rights reserved. Authentication Server Idea born in interdepartmental task force Too many](https://reader036.vdocument.in/reader036/viewer/2022062407/56649e435503460f94b37232/html5/thumbnails/8.jpg)
AuthServ ApplicationsAuthServ Applications
![Page 9: Copyright © 1999 Clemson University Research Foundation. All rights reserved. Authentication Server Idea born in interdepartmental task force Too many](https://reader036.vdocument.in/reader036/viewer/2022062407/56649e435503460f94b37232/html5/thumbnails/9.jpg)
Copyright © 1999 Clemson University Research Foundation. All rights reserved.
NDS Authentication for Large NDS Authentication for Large IBM Systems and ApplicationsIBM Systems and Applications
![Page 10: Copyright © 1999 Clemson University Research Foundation. All rights reserved. Authentication Server Idea born in interdepartmental task force Too many](https://reader036.vdocument.in/reader036/viewer/2022062407/56649e435503460f94b37232/html5/thumbnails/10.jpg)
Copyright © 1999 Clemson University Research Foundation. All rights reserved.
NDS Authentication for UnixNDS Authentication for Unix
![Page 11: Copyright © 1999 Clemson University Research Foundation. All rights reserved. Authentication Server Idea born in interdepartmental task force Too many](https://reader036.vdocument.in/reader036/viewer/2022062407/56649e435503460f94b37232/html5/thumbnails/11.jpg)
Copyright © 1999 Clemson University Research Foundation. All rights reserved.
NDS for Authentication POP/IMAP NDS for Authentication POP/IMAP
![Page 12: Copyright © 1999 Clemson University Research Foundation. All rights reserved. Authentication Server Idea born in interdepartmental task force Too many](https://reader036.vdocument.in/reader036/viewer/2022062407/56649e435503460f94b37232/html5/thumbnails/12.jpg)
Copyright © 1999 Clemson University Research Foundation. All rights reserved.
Firewall AuthenticationFirewall Authentication
User User User User
Cisco PIX
AuthClient
Intranet / Internet
Livingston Steel-Belted Radius
![Page 13: Copyright © 1999 Clemson University Research Foundation. All rights reserved. Authentication Server Idea born in interdepartmental task force Too many](https://reader036.vdocument.in/reader036/viewer/2022062407/56649e435503460f94b37232/html5/thumbnails/13.jpg)
NDS Web Security viaNDS Web Security viaWindows NT/UNIX/???Windows NT/UNIX/???
![Page 14: Copyright © 1999 Clemson University Research Foundation. All rights reserved. Authentication Server Idea born in interdepartmental task force Too many](https://reader036.vdocument.in/reader036/viewer/2022062407/56649e435503460f94b37232/html5/thumbnails/14.jpg)
Copyright © 1999 Clemson University Research Foundation. All rights reserved.
NDS Authentication through NDS Authentication through Windows NT/UNIX/??? to the Windows NT/UNIX/??? to the WebWeb
Application:Employee InformationSystem (EIS)
Type:Web
Server OS:Windows NT 4.0
Server enabling app:Website/Visual Basic
![Page 15: Copyright © 1999 Clemson University Research Foundation. All rights reserved. Authentication Server Idea born in interdepartmental task force Too many](https://reader036.vdocument.in/reader036/viewer/2022062407/56649e435503460f94b37232/html5/thumbnails/15.jpg)
Copyright © 1999 Clemson University Research Foundation. All rights reserved.
NDS Security Across the IntranetNDS Security Across the Intranet
AuthenticatedClient
ServerAuthClient
AuthenticationServer
NDS
Netscape IIS32-bitDLL
AUTHAGNT.NLM
NDS
Page requestCheckEquiv
Check SecurityEquivalence
Locate user objectand run equivalencelist
NT 4.0
![Page 16: Copyright © 1999 Clemson University Research Foundation. All rights reserved. Authentication Server Idea born in interdepartmental task force Too many](https://reader036.vdocument.in/reader036/viewer/2022062407/56649e435503460f94b37232/html5/thumbnails/16.jpg)
Copyright © 1999 Clemson University Research Foundation. All rights reserved.
AuthServ as an NDS Data GatewayAuthServ as an NDS Data Gateway
Application:Call tracking system
Type:Web
Server OS:Windows NT 4.0
Server enabling app:Website/Visual Basic
Not AssignedBILLBROYLESCCRDAVEDAVIDCDHFDHFRSDONJAMBOJHALLMIKEYATES
DAVIDC
![Page 17: Copyright © 1999 Clemson University Research Foundation. All rights reserved. Authentication Server Idea born in interdepartmental task force Too many](https://reader036.vdocument.in/reader036/viewer/2022062407/56649e435503460f94b37232/html5/thumbnails/17.jpg)
Copyright © 1999 Clemson University Research Foundation. All rights reserved.
Web Interface to Home Directories Web Interface to Home Directories via AUTHSERV NDS Gatewayvia AUTHSERV NDS Gateway
Application:Personal pages
Type:Web
Server OS:Linux
Server enabling app:Apache/Caldera
http://www.clemson.edu/~acollin
![Page 18: Copyright © 1999 Clemson University Research Foundation. All rights reserved. Authentication Server Idea born in interdepartmental task force Too many](https://reader036.vdocument.in/reader036/viewer/2022062407/56649e435503460f94b37232/html5/thumbnails/18.jpg)
Copyright © 1999 Clemson University Research Foundation. All rights reserved.
AuthServ Client FunctionsAuthServ Client Functions
Password checkPassword changeResolve to fully distinguished nameCheck security equivalenceReturn group membershipGet Effective RightsOthers
![Page 19: Copyright © 1999 Clemson University Research Foundation. All rights reserved. Authentication Server Idea born in interdepartmental task force Too many](https://reader036.vdocument.in/reader036/viewer/2022062407/56649e435503460f94b37232/html5/thumbnails/19.jpg)
Copyright © 1999 Clemson University Research Foundation. All rights reserved.
WebAuth: Web Single Sign-OnWebAuth: Web Single Sign-On
Workstation3rd Party
WebServerWebAuth
Client
AuthAgntNLM
NDS
WebAuthNLM
AuthClient
WebBrowser
1
WebBrowser
2
DCITAuthentication
WebServer
WebAuthTrustedClient
CHECK
STORE
Only trusted web servers prompt for userid password and set cookie in browser. Other web servers must use the cookie to determine the user.
Redirect
![Page 20: Copyright © 1999 Clemson University Research Foundation. All rights reserved. Authentication Server Idea born in interdepartmental task force Too many](https://reader036.vdocument.in/reader036/viewer/2022062407/56649e435503460f94b37232/html5/thumbnails/20.jpg)
Copyright © 1999 Clemson University Research Foundation. All rights reserved.
Caldera OpenLinux and ApacheCaldera OpenLinux and Apache
Web gateway to NetWare file system
Caldera OpenLinux
AuthC
Browser
Browser
Browser
Browser AuthServer
FileServer
FileServer
FileServer
FileServer
FileServer
![Page 21: Copyright © 1999 Clemson University Research Foundation. All rights reserved. Authentication Server Idea born in interdepartmental task force Too many](https://reader036.vdocument.in/reader036/viewer/2022062407/56649e435503460f94b37232/html5/thumbnails/21.jpg)
Copyright © 1999 Clemson University Research Foundation. All rights reserved.
Web Interface to Department Web Interface to Department PagesPages
Application:Departmental pages
Type:Web
Server OS:Linux
Server enabling app:Apache/Caldera
http://dcitnds.clemson.edu/CSO/depts/maint
![Page 22: Copyright © 1999 Clemson University Research Foundation. All rights reserved. Authentication Server Idea born in interdepartmental task force Too many](https://reader036.vdocument.in/reader036/viewer/2022062407/56649e435503460f94b37232/html5/thumbnails/22.jpg)
Copyright © 1999 Clemson University Research Foundation. All rights reserved.
Caldera OpenLinux and ApacheCaldera OpenLinux and Apache
First attempt to provide web services via Novell made use of Novell’s intraNetWare Web Server 1.0 which simply was not reliable
Caldera OpenLinux provided robust UNIX connectivity to NDS and supported the industry standard Apache web server
Out of the box Caldera/Apache did not provide home directory redirection and/or authentication– It did however provide the source code needed to
make these modifications
![Page 23: Copyright © 1999 Clemson University Research Foundation. All rights reserved. Authentication Server Idea born in interdepartmental task force Too many](https://reader036.vdocument.in/reader036/viewer/2022062407/56649e435503460f94b37232/html5/thumbnails/23.jpg)
Copyright © 1999 Clemson University Research Foundation. All rights reserved.
Caldera OpenLinux and Apache Caldera OpenLinux and Apache ModsMods
Added a module that would link Apache’s user directory directive to the user’s Novell home directory– Making http://www.clemson.edu/~erich point to
EMPLOYED/USR02:\USERS\U20\ERICH\PUBLIC.WWW
Since Caldera is NDS aware, this also allows us to serve group web sites via their own group servers
![Page 24: Copyright © 1999 Clemson University Research Foundation. All rights reserved. Authentication Server Idea born in interdepartmental task force Too many](https://reader036.vdocument.in/reader036/viewer/2022062407/56649e435503460f94b37232/html5/thumbnails/24.jpg)
Copyright © 1999 Clemson University Research Foundation. All rights reserved.
Added another module using the previously mentioned authentication server routines to provide both user and group authentication– Makes use of standard HTACCESS format with
additional Novell directives
Caldera OpenLinux and Apache ModsCaldera OpenLinux and Apache Mods
![Page 25: Copyright © 1999 Clemson University Research Foundation. All rights reserved. Authentication Server Idea born in interdepartmental task force Too many](https://reader036.vdocument.in/reader036/viewer/2022062407/56649e435503460f94b37232/html5/thumbnails/25.jpg)
Copyright © 1999 Clemson University Research Foundation. All rights reserved.
Using NDS to Secure Web PagesUsing NDS to Secure Web Pages
NovellAuth onAuthName Novell TreeAuthType Basic <Limit GET POST>require user gmcochrrequire user kellenrequire group .resadmin.groups.employee.clemsonu</Limit>
![Page 26: Copyright © 1999 Clemson University Research Foundation. All rights reserved. Authentication Server Idea born in interdepartmental task force Too many](https://reader036.vdocument.in/reader036/viewer/2022062407/56649e435503460f94b37232/html5/thumbnails/26.jpg)
NDS
intraNetWare server BintraNetWare server A
AUTHAGNT.NLM
intraNetWare server C
RACF
AuthClientAuthClient
POPd
AuthClient
Web site
WebApp
User workstation (Windows 95/Windows NT and Mac workstation)
Eudora TN3270 Netscape† LOGIN.EXE
AuthClient
Apache
WebApp
AUTHAGNT.NLM AUTHAGNT.NLM
OnlinesVTAM
MAIL (Solaris) NT Server OpenLinuxMainframe (MVS)
![Page 27: Copyright © 1999 Clemson University Research Foundation. All rights reserved. Authentication Server Idea born in interdepartmental task force Too many](https://reader036.vdocument.in/reader036/viewer/2022062407/56649e435503460f94b37232/html5/thumbnails/27.jpg)
DesignDesign
![Page 28: Copyright © 1999 Clemson University Research Foundation. All rights reserved. Authentication Server Idea born in interdepartmental task force Too many](https://reader036.vdocument.in/reader036/viewer/2022062407/56649e435503460f94b37232/html5/thumbnails/28.jpg)
Copyright © 1999 Clemson University Research Foundation. All rights reserved.
AuthAdmnWin32 App
AuthRslv NLMAuthAgnt
NLM
Agent NW Server 1
Census
AuthMgrNLM
Manager NW Server
MasterCensus
AuthClient
‘95/’98/NT Workstation Administrator
AuthRslv NLMAuthAgnt
NLM
Agent NW Server 2
Census
AuthRslv NLMAuthAgnt
NLM
Agent NW Server N
Census
![Page 29: Copyright © 1999 Clemson University Research Foundation. All rights reserved. Authentication Server Idea born in interdepartmental task force Too many](https://reader036.vdocument.in/reader036/viewer/2022062407/56649e435503460f94b37232/html5/thumbnails/29.jpg)
Copyright © 1999 Clemson University Research Foundation. All rights reserved.
AuthAdmnWin32 App
AuthRslv NLMAuthAgnt
NLM
Agent NW Servers
Census
AuthMgrNLM
Manager NW Server
MasterCensus
‘95/’98/NT Workstation Administrator
AuthClientAuthClientAuthClient
![Page 30: Copyright © 1999 Clemson University Research Foundation. All rights reserved. Authentication Server Idea born in interdepartmental task force Too many](https://reader036.vdocument.in/reader036/viewer/2022062407/56649e435503460f94b37232/html5/thumbnails/30.jpg)
CensusCensus
![Page 31: Copyright © 1999 Clemson University Research Foundation. All rights reserved. Authentication Server Idea born in interdepartmental task force Too many](https://reader036.vdocument.in/reader036/viewer/2022062407/56649e435503460f94b37232/html5/thumbnails/31.jpg)
Copyright © 1999 Clemson University Research Foundation. All rights reserved.
Classic Tree Design-OrganizationalClassic Tree Design-Organizational
Corp
R&D Prod
Production Admin
Company
Sales
Proj1 Proj2
Mkting Actng Support
Bob
Emma Fred
Sally
![Page 32: Copyright © 1999 Clemson University Research Foundation. All rights reserved. Authentication Server Idea born in interdepartmental task force Too many](https://reader036.vdocument.in/reader036/viewer/2022062407/56649e435503460f94b37232/html5/thumbnails/32.jpg)
Copyright © 1999 Clemson University Research Foundation. All rights reserved.
Classic Tree Design - GeographicalClassic Tree Design - Geographical
New York LA Europe
Company
Asia
Mkting Prod R&D
Bob Emma
Mkting Prod R&D
Fred Sally
![Page 33: Copyright © 1999 Clemson University Research Foundation. All rights reserved. Authentication Server Idea born in interdepartmental task force Too many](https://reader036.vdocument.in/reader036/viewer/2022062407/56649e435503460f94b37232/html5/thumbnails/33.jpg)
Copyright © 1999 Clemson University Research Foundation. All rights reserved.
Clemson Tree DesignClemson Tree Design
Users Organizations
ClemsonU
![Page 34: Copyright © 1999 Clemson University Research Foundation. All rights reserved. Authentication Server Idea born in interdepartmental task force Too many](https://reader036.vdocument.in/reader036/viewer/2022062407/56649e435503460f94b37232/html5/thumbnails/34.jpg)
Copyright © 1999 Clemson University Research Foundation. All rights reserved.
CU - Every Person Has a PlaceCU - Every Person Has a Place
A to Z A to Z A to Z
Students Misc. Employee
ClemsonU
OrganizationsOrganizations
![Page 35: Copyright © 1999 Clemson University Research Foundation. All rights reserved. Authentication Server Idea born in interdepartmental task force Too many](https://reader036.vdocument.in/reader036/viewer/2022062407/56649e435503460f94b37232/html5/thumbnails/35.jpg)
Copyright © 1999 Clemson University Research Foundation. All rights reserved.
CU - Every Group Has a PlaceCU - Every Group Has a Place
UsersUsers Athletics DCIT
Forestry Research Dean's office
CAFLS CES
ClemsonU
![Page 36: Copyright © 1999 Clemson University Research Foundation. All rights reserved. Authentication Server Idea born in interdepartmental task force Too many](https://reader036.vdocument.in/reader036/viewer/2022062407/56649e435503460f94b37232/html5/thumbnails/36.jpg)
Copyright © 1999 Clemson University Research Foundation. All rights reserved.
Client32 LoginClient32 Login
![Page 37: Copyright © 1999 Clemson University Research Foundation. All rights reserved. Authentication Server Idea born in interdepartmental task force Too many](https://reader036.vdocument.in/reader036/viewer/2022062407/56649e435503460f94b37232/html5/thumbnails/37.jpg)
Copyright © 1999 Clemson University Research Foundation. All rights reserved.
Novell’s Catalog ServicesNovell’s Catalog Services• User locatable database of directory information
• Query APIs• The catalog object• Snapin• Dredger• NetWare 5.x
.d.employee.clemsonu
![Page 38: Copyright © 1999 Clemson University Research Foundation. All rights reserved. Authentication Server Idea born in interdepartmental task force Too many](https://reader036.vdocument.in/reader036/viewer/2022062407/56649e435503460f94b37232/html5/thumbnails/38.jpg)
Copyright © 1999 Clemson University Research Foundation. All rights reserved.
A Tale of Two BobsA Tale of Two Bobs
New York LA Europe
Company
Asia
Mkting Prod R&D
Bob Emma
Mkting Prod R&D
Fred Sally
Bob
![Page 39: Copyright © 1999 Clemson University Research Foundation. All rights reserved. Authentication Server Idea born in interdepartmental task force Too many](https://reader036.vdocument.in/reader036/viewer/2022062407/56649e435503460f94b37232/html5/thumbnails/39.jpg)
Copyright © 1999 Clemson University Research Foundation. All rights reserved.
Novell’s Catalog Services - 2 BobsNovell’s Catalog Services - 2 Bobs
bob
.mkting.New York.company
.prod.LA.company
Duplicate keys require the user to choose his context at login time.
![Page 40: Copyright © 1999 Clemson University Research Foundation. All rights reserved. Authentication Server Idea born in interdepartmental task force Too many](https://reader036.vdocument.in/reader036/viewer/2022062407/56649e435503460f94b37232/html5/thumbnails/40.jpg)
Copyright © 1999 Clemson University Research Foundation. All rights reserved.
Catalog Services IssuesCatalog Services IssuesCatalog Object NDS Synchronization is
tricky.Heterogeneous Systems can be fooled
by the catalog.Heterogeneous Systems cannot handle
duplicate Catalog entries.Only supported in NetWare 5.xCatalogs can only contain objects in
it’s NDS tree.
![Page 41: Copyright © 1999 Clemson University Research Foundation. All rights reserved. Authentication Server Idea born in interdepartmental task force Too many](https://reader036.vdocument.in/reader036/viewer/2022062407/56649e435503460f94b37232/html5/thumbnails/41.jpg)
Copyright © 1999 Clemson University Research Foundation. All rights reserved.
Census - Unique Catalog ServicesCensus - Unique Catalog Services
Catalog Services with Rules.Provide for true Universal IDs.Trawls specified sections of Tree.Periodic and On-Demand Trawls.Can Use a Catalog as Input.Not an NDS object.Supports Multiple Trees.Collisions are resolved once.
![Page 42: Copyright © 1999 Clemson University Research Foundation. All rights reserved. Authentication Server Idea born in interdepartmental task force Too many](https://reader036.vdocument.in/reader036/viewer/2022062407/56649e435503460f94b37232/html5/thumbnails/42.jpg)
Copyright © 1999 Clemson University Research Foundation. All rights reserved.
Census DefinitionsCensus Definitions
• Org Unit• Recurse• Expand
• Group (member)• Org Role (occupant)• User• Catalog
Supported Objects
![Page 43: Copyright © 1999 Clemson University Research Foundation. All rights reserved. Authentication Server Idea born in interdepartmental task force Too many](https://reader036.vdocument.in/reader036/viewer/2022062407/56649e435503460f94b37232/html5/thumbnails/43.jpg)
Copyright © 1999 Clemson University Research Foundation. All rights reserved.
Big PictureBig Picture
Agent
Resolver
Census NewCensus
Manager
CensusAdministrator
Client
AuthConfig
ExceptionReport
Data Flow
Command Flow
NDS
![Page 44: Copyright © 1999 Clemson University Research Foundation. All rights reserved. Authentication Server Idea born in interdepartmental task force Too many](https://reader036.vdocument.in/reader036/viewer/2022062407/56649e435503460f94b37232/html5/thumbnails/44.jpg)
Copyright © 1999 Clemson University Research Foundation. All rights reserved.
ExceptionsExceptions
![Page 45: Copyright © 1999 Clemson University Research Foundation. All rights reserved. Authentication Server Idea born in interdepartmental task force Too many](https://reader036.vdocument.in/reader036/viewer/2022062407/56649e435503460f94b37232/html5/thumbnails/45.jpg)
Copyright © 1999 Clemson University Research Foundation. All rights reserved.
UB=ALL
User BasesUser Bases
UB=FACULTY
UB=STAFF
FACULTYSTAFF
ALL
FACULTY
Agent
![Page 46: Copyright © 1999 Clemson University Research Foundation. All rights reserved. Authentication Server Idea born in interdepartmental task force Too many](https://reader036.vdocument.in/reader036/viewer/2022062407/56649e435503460f94b37232/html5/thumbnails/46.jpg)
Copyright © 1999 Clemson University Research Foundation. All rights reserved.
Mass User ManagementMass User Management
HR
Directory
Services
UserBases
MUM
![Page 47: Copyright © 1999 Clemson University Research Foundation. All rights reserved. Authentication Server Idea born in interdepartmental task force Too many](https://reader036.vdocument.in/reader036/viewer/2022062407/56649e435503460f94b37232/html5/thumbnails/47.jpg)
RequirementsRequirements
![Page 48: Copyright © 1999 Clemson University Research Foundation. All rights reserved. Authentication Server Idea born in interdepartmental task force Too many](https://reader036.vdocument.in/reader036/viewer/2022062407/56649e435503460f94b37232/html5/thumbnails/48.jpg)
Copyright © 1999 Clemson University Research Foundation. All rights reserved.
AuthAdmin RequirementsAuthAdmin Requirements
Windows ‘95/’98/NT Workstation64 MB RAMClient32
![Page 49: Copyright © 1999 Clemson University Research Foundation. All rights reserved. Authentication Server Idea born in interdepartmental task force Too many](https://reader036.vdocument.in/reader036/viewer/2022062407/56649e435503460f94b37232/html5/thumbnails/49.jpg)
Copyright © 1999 Clemson University Research Foundation. All rights reserved.
Manager Server RequirementsManager Server Requirements
NetWare 4.11/5.xP-100 or higher (recommended)1 MB RAM/2000 census users (free
cache buffers)1 MB Disk/10,000 census usersNo local replicas required.
![Page 50: Copyright © 1999 Clemson University Research Foundation. All rights reserved. Authentication Server Idea born in interdepartmental task force Too many](https://reader036.vdocument.in/reader036/viewer/2022062407/56649e435503460f94b37232/html5/thumbnails/50.jpg)
Copyright © 1999 Clemson University Research Foundation. All rights reserved.
Agent Server RequirementsAgent Server Requirements
NetWare 4.11/5.xP-166 or higher (process 25-50 concurrent
requests with no local replicas)1 MB RAM/2000 census users (free cache
buffers)1 MB Disk/10,000 census usersNo local replicas required. TCP/IP configured.
![Page 51: Copyright © 1999 Clemson University Research Foundation. All rights reserved. Authentication Server Idea born in interdepartmental task force Too many](https://reader036.vdocument.in/reader036/viewer/2022062407/56649e435503460f94b37232/html5/thumbnails/51.jpg)
BenefitsBenefits
![Page 52: Copyright © 1999 Clemson University Research Foundation. All rights reserved. Authentication Server Idea born in interdepartmental task force Too many](https://reader036.vdocument.in/reader036/viewer/2022062407/56649e435503460f94b37232/html5/thumbnails/52.jpg)
Copyright © 1999 Clemson University Research Foundation. All rights reserved.
BenefitsBenefits
Improved computing usability.Uniform authentication security.Uniform application security across
systems is now a possibility.Uniform password rules.Easy to deploy new systems.Password resets are almost non-
existent.
![Page 53: Copyright © 1999 Clemson University Research Foundation. All rights reserved. Authentication Server Idea born in interdepartmental task force Too many](https://reader036.vdocument.in/reader036/viewer/2022062407/56649e435503460f94b37232/html5/thumbnails/53.jpg)
Copyright © 1999 Clemson University Research Foundation. All rights reserved.
More BenefitsMore Benefits
Improved Security on some systemsConsistency across systems and
applications.Stronger Passwords are used on all
systems.Allow you to leverage the strengths
of heterogeneous systems without sacrificing usability and security.
![Page 54: Copyright © 1999 Clemson University Research Foundation. All rights reserved. Authentication Server Idea born in interdepartmental task force Too many](https://reader036.vdocument.in/reader036/viewer/2022062407/56649e435503460f94b37232/html5/thumbnails/54.jpg)
Copyright © 1999 Clemson University Research Foundation. All rights reserved.
Clients Supported - 3/17/99Clients Supported - 3/17/99
MVS RACF Version 1.9 and laterSolaris Version 2.6 and laterHP/UX Version 11.0 and laterRed Hat Linux Version 4.2 and laterWindows NT Version 4.0 and laterWindows 95 B and Windows 98
![Page 55: Copyright © 1999 Clemson University Research Foundation. All rights reserved. Authentication Server Idea born in interdepartmental task force Too many](https://reader036.vdocument.in/reader036/viewer/2022062407/56649e435503460f94b37232/html5/thumbnails/55.jpg)
Copyright © 1999 Clemson University Research Foundation. All rights reserved.
Clients Clients
MVS - RACF MVS - ACF2 Solaris HP/UX Linux Windows NT Windows ‘95/’98 IRIX AIX
PeopleSoft POPd Livingston Radius PIX BSD Apache Open Linux Miscellaneous
Applications
![Page 56: Copyright © 1999 Clemson University Research Foundation. All rights reserved. Authentication Server Idea born in interdepartmental task force Too many](https://reader036.vdocument.in/reader036/viewer/2022062407/56649e435503460f94b37232/html5/thumbnails/56.jpg)
Copyright © 1999 Clemson University Research Foundation. All rights reserved.
Comparing NDS for SolarisComparing NDS for Solaris
IPX only environment supportedPure NW 4.x environment supportedNon-intrusive install into SolarisNo NDS object assignments requiredNo [Public] NDS rights assignmentsAPI available to Solaris appsInexpensive Site licenseMultiple tree support is possible
![Page 57: Copyright © 1999 Clemson University Research Foundation. All rights reserved. Authentication Server Idea born in interdepartmental task force Too many](https://reader036.vdocument.in/reader036/viewer/2022062407/56649e435503460f94b37232/html5/thumbnails/57.jpg)
Copyright © 1999 Clemson University Research Foundation. All rights reserved.
Comparing NDS for SolarisComparing NDS for Solaris
Ensures that there are no duplicate user names across the entire NDS tree.
No user migration is required.Does not require unique UNIX uids
across the entire system.Supports multiple user UIDs across
heterogeneous UNIX systems.Not a large leap.