Campus Experience: Pubcookie
University of Alabama at Birmingham
Academic Computing
Zach Garner

Overview
- Interfacing with an Existing Enterprise Infrastructure
- Modifying Existing Applications
- Future Directions

Pre-requisites
- Requirements:
  - Need a central, authoritative person directory
- Follow eduPerson, LDAP Recipe & other NMI standards/practices
- Directory is used for enterprise authentication (password assignment & resets)

Interfacing with Enterprise Authentication
- Pubcookie supports LDAP, Kerberos or UNIX style authentication
- At UAB, authenticate off of central username/password (“BlazerID”) via LDAP
- Password is protected
  - Type username/password into web browser
  - Passed to Pubcookie Login server over SSL
  - Use secure backchannel such as ldaps:// to directory

Outcome
- Initial sign-on once a day allows access to all pubcookie-protected campus web sites without logging in again

Using Pubcookie
- Install a pubcookie Apache or IIS module on each web server to be protected
- Put protected information in a directory protected by this module
- User attempts to access the URL
- Pubcookie redirects them to login if they haven’t logged in yet today; otherwise the cookie credential is checked

Uses for Pubcookie
- UAB has used Pubcookie for:
  - Distributing software to members of the UAB community

Pubcookie Limitations
- All authenticated users are equal; useful for resources available to entire campus only
  - Library materials
  - Licensed software
- Usually, the target population is smaller
  - Students in a particular school or class
  - Faculty, staff, students in School of Engineering

Modifying Existing Applications
- The Problem
  - Many Web Applications create their own authentication system
  - So, the user needs a username/password for each application
- The Solution
  - Pubcookie-enable those applications to use centralized username/password

Modifying Existing Applications
- We Pubcookie-enabled two open source applications
  - Bugzilla (Written in Perl)
  - PHPWebsite (Written in PHP)
- Similar changes were required for both applications

Modifications
- Remove old user login/password web form
  - Instead, Pubcookie authenticates the user
  - Authenticated users can proceed if they also have a Bugzilla or PHPwebsite account
- Change behavior of “Log Out” and “Change Password” pages
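
An added sketch of these modifications, not code from Bugzilla, PHPWebsite or the UAB changes, written in Python to stay neutral between the Perl and PHP applications. It assumes the Pubcookie web server module hands the authenticated login name to the application as REMOTE_USER, and that "Log Out" and "Change Password" are sent to central pages; the handle function, account table, paths and URLs are hypothetical.

```python
from dataclasses import dataclass

# Constructed local account table standing in for the application's own user store.
ACCOUNTS = {
    "jdoe": {"enabled": True},
    "asmith": {"enabled": False},
}

# Placeholder URLs (assumptions): where the central logout and password pages live.
CENTRAL_LOGOUT_URL = "https://login.example.edu/logout"
CENTRAL_PASSWORD_URL = "https://directory.example.edu/password"


@dataclass
class Decision:
    status: int          # HTTP status the application should return
    user: str = ""       # local account name when access is granted
    location: str = ""   # redirect target for 302 responses


def handle(path, environ, accounts=ACCOUNTS):
    """Gate one request on the identity asserted by the web server module."""
    # Trust only REMOTE_USER, which the server sets after the module has
    # checked the cookie. HTTP_* keys come from client headers and are ignored.
    login = (environ.get("REMOTE_USER") or "").strip()
    if not login:
        # The path is not covered by the module: fail closed, and never
        # fall back to the password form that was removed.
        return Decision(status=500)
    if path == "/logout":
        # Assumption: clearing only the app session would leave the single
        # sign-on credential valid, so send the user to the central logout page.
        return Decision(status=302, location=CENTRAL_LOGOUT_URL)
    if path == "/change-password":
        # Assumption: the password belongs to the central directory, not this app.
        return Decision(status=302, location=CENTRAL_PASSWORD_URL)
    account = accounts.get(login)
    if account is None or not account["enabled"]:
        # Authenticated on campus, but no usable account in this application.
        return Decision(status=403)
    return Decision(status=200, user=login)
```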

Future Directions
- Modifying Pubcookie to support Client-Side SSL Certificates
  - Enables authentication of users without a user remembering username/password
- Modifying Pubcookie to support PAM for the authentication mechanism
  - PAM is a standard system for flexibly using a large number of authentication systems.

Resources
- Linux implementation of PAM: www.kernel.org/pub/linux/libs/pam/
- Bugzilla: www.bugzilla.org
- PHPWebsite: http://phpwebsite.appstate.edu/

Academic Computing
- David L. Shealy
- Jill Gemmill
- John-Paul Robinson
- Jason Lynn
- Kenn McCracken
- Zach Garner
- Ramesh Puljala
- Rajani Sadasivam
- Aditya Srinivasan