IT Times Logo
IT Times Logo

Table of Contents
About the IT Times
Back Issues
Talk to us!
Search the IT Times
  

Access to Campus Internet Resources Expands

by Vicki Suter and Doreen Meyer

There's good news if you use an Internet Service Provider (ISP) to access campus Web pages and newsgroups. With a new authentication service developed by Information Technology, all faculty, students, and staff can dial in to information resources restricted to campus affiliates from any off-campus location. This new service marks a substantial improvement over the previous authentication method, which allowed access only if the request came from a campus-based Internet Protocol (IP) address. (Internet Service Providers assign their own IP addresses.)

Access to campus Internet resources is controlled in order to protect copyright agreements, software licensing and distribution agreements, intellectual property, and student privacy rights. The Melvyl database, other specialized databases, class-related Web pages, site-licensed software, restricted departmental services, and UCD newsgroups are some examples of services that were previously inaccessible via a commercial Internet Service Provider.

Authentication

Simply stated, authentication proves your identity, just as logging in to your campus computer account with your user name and password verifies your identity to a particular computer system. In this case, authentication refers to providing your identity to the campus Kerberos server. (Kerberos was conceived at Massachusetts Institute of Technology as a secure way to allow users and services to authenticate themselves to each other.) The name and password required in this case are your UCD LoginID (or "new-style" LoginID) and your UCD Kerberos password.

Improved Security

The new distributed authentication service can support more restricted levels of access (which is particularly useful whenever security concerns are high) and can be tailored to departmental needs.

Web site managers on campus and at the UCD Medical Center may install the new authentication service on their local Web servers, configuring each server to restrict access to a specific set of files and directories.

This service takes advantage of elements of the distributed computing infrastructure already in place on campus, including:

  • The certificate service on the campus' high security Web server, the AFS file server (used with the Banner and DaFIS administrative applications);
  • The Kerberos server (used with WIRES, a secure mechanism for accessing student grades, account balances, and financial aid information); and
  • The SSL (secure socket layer) encryption capabilities provided by modern Web browsers and servers.

With these elements in place, your name and password will not be transported in clear text across the network during the authentication process.

Accessing Internet Resources

In order to read restricted Web pages or news services, you must first prove your association with the campus by entering your UCD LoginID and Kerberos password. (To find out about UCD LoginIDs and Kerberos passwords, see Resources at the end of this article.) Once you have proven your affiliation, you will be able to read any Web page secured within the ucdavis.edu domain for the duration of your browser session.

Improved services also include authenticated access to news.ucdavis.edu, the campus news server. To access newsgroups served by news.ucdavis.edu through a commercial ISP, point your Web browser to http://www.ucdavis.edu/authentication/news.html and follow the authentication steps.

Further Pilots

Additional services are being tested, including access to the Melvyl database, cbt at ucd courses (computer-based training materials), and the On-Line Learning Resources for Physics 7.

If you are interested in participating in further pilots, check the Web resources below for more details. Or come to a special presentation on April 21 to learn more about the new distributed authentication service (see Campus Presentations).

Vicki Suter and Doreen Meyer are with IT's Distributed Computing Analysis and Support (DCAS).

Resources

Email: authentication@ucdavis.edu

Web sites:
Distributed Authentication Service
Information for the general campus community is available at http://cr.ucdavis.edu/projects/distributed.htm.

Information for Technology Support Coordinators may be found at http://dcas.ucdavis.edu/access/distauth.

UCD LoginIDs and Kerberos Passwords
http://mothra.ucdavis.edu