Penn State University

Steve Kellogg, Director, Advanced Information Technologies

Center for Academic Computing

Authorizing Access to Services at Penn State University

Authorizing Access

• HOW

– “Baggage” v. “Luggage”

– Integrated everything

• Authentication, authorization, namespace, management, filesystem

• Heterogeneous

• What

– File service

– Web service

– Applications

– Systems

– Delegation

Penn State Environment

• 24 Campus Locations

• ~74,000 Full Time Students

• ~5,000 Part Time Students

• ~25,000 Employees

• ~5,000 “Others”

CACTUS: Center for Academic Computing Tracking of User Services

Accounts Database (Oracle)

Backend processes

External Data sources

User Services: Access (DCE), Email, web, DFS, Database, backup, Class News, Printing, Plotting, calendar, LDAP, ...

Java/web Interface

Signature Stations (end user$ Auth)

• One Account, Many Services

• Organize data from disparate sources

• Automation ALWAYS goal

• Fully extensible

• Scalability of services

Systems Access

• Lab systems

– Windows

– MAC

– Unix (AIX, IRIX, Solaris)

• Modems

– Authorized based on group membership

• ISP apps

– email, netnews, …

DCE Production Applications

• Fileservice

• DFS

• 50MB Home Directories

• webmail, portal profiles, personal webspace

• 300 MB for HPC and VIZ users

• 10 MB quota increment per course

• Quota reduced at end of semester

• Site licenses for Solaris, AIX, NT, IRIX

DCE Production Applications

• Group management

– Admin, HPC, Classes, Ad Hoc

– Web Authorization

– Shared DFS access

– 3 groups typically created for each group

- Delegated group management

- Group, group_admin, group_owner

DCE Production Applications

• CAC Web Service

– AIX/Solaris/Linux

– Apache w/ & w/o mod_auth_dce

– Most content in DFS

– Load balanced w/ IBM’s Network Dispatcher

– JDBC and PerlDBI access to Oracle and DB2

e.g. Microsoft SW distribution

DCE Production Applications

• Web Servers (Gradient’s NetCrusader Security Adapter)

– Executive Information System (EIS)

– Library access to licensed Web content (LIAS)

– Purchasing Catalog

– Computer & Information Systems (C&IS) Web site

– Microcomputer Order Center (MOC)

– Smeal College of Business

– Electronic Testing Services (ETS)

DCE Production Applications

• Other web service

– Office of Physical Plant

• Linux, Apache, K5

– Office of Human Resources

• NT, IIS, Gradient DCE RT, VB

– Lab consultant management tools

• AIX, K5, C

– Others that we don’t necessarily know about…

DCE Mandarin

• OS/390 Enterprise Server; ADABAS

• NT Web Servers; WebComm.dll

– Authenticated RPC client

• Several services; same RPC code base

– Student Apps (eLion)

– Business Apps (WebIBIS)

– Financial Apps (FIT)

• RPC protection level

– integrity

– privacy

PKI at PSU

• CREN CA Pilot

– OpenSSL

• Server Certs

• Short term certs

– Kx509 auth in DCE cell

Questions?