SDT Tech Briefing

50 %
50 %
Information about SDT Tech Briefing

Published on June 19, 2007

Author: Mentor


Stanford Desktop Tools:  Stanford Desktop Tools Making the Move from MacLeland and PC-Leland to Stanford Desktop Tools Ammy Hill, IT Services 23 February 2007 Tech Briefing, Turing Auditorium Short History of PC-Leland & MacLeland:  Short History of PC-Leland andamp; MacLeland PC- and MacLeland Were Developed at Stanford To support the use of Stanford’s eccentric Kerberos authentication infrastructure in the early days of Windows and Mac OS User authentication for client software like Eudora or Samson User authentication for some web-based services (via S/Ident) To help emphasize the importance of secure computing as part of a memorable user education campaign in the mid-90s To provide other useful features in a single convenient package Secure screen lock POP mail proxy to support Kerberos 4 authentication for email AFS file system mounting (additional software required) GUI for managing Kerberos tickets and issuing AFS commands SUNet ID password change functionality No Existing Tools for Mac or PC Then Met Our Needs Why Move Away From PC-/MacLeland?:  Why Move Away From PC-/MacLeland? If We Build It, We Have to Maintain It Homespun software is expensive to support: minimally customized standards-based open source solutions are a better alternative Kerberos Authentication Has Become Widely Used So Microsoft, Apple, other vendors, open source projects, etc., now offer plenty of Kerberos and AFS software that meets our needs PC-/MacLeland Features Are No Longer Required Windows and Mac OS X have built-in support for Kerberos Windows and Mac OS now provide easy-to-use secure screen locks The mail proxy is unneeded andamp; shouldn’t be used: KPOP is K4 only Because of a security flaw, S/Ident, which among other things once mimicked 'single sign-on' for HTTP sessions, is no longer in use Stanford Desktop Tools Updates ESS Software! Kerberos Authentication at Stanford:  Kerberos Authentication at Stanford Stanford Is Retiring Its Obsolete K4 Infrastructure As of April 2008 Stanford will be strictly a Kerberos 5 operation SDT, which supports K5 only, is where this infrastructural change meets desktop computing Kerberos, the 3-headed dog from Greek mythology, still has only 3 heads, though… Stanford Desktop Tools: Installation:  Stanford Desktop Tools: Installation SDT May Be Obtained from the Essential Stanford Software Web Site Installing SDT Will Remove Some Older Software Windows: PC-Leland and any old AFS software will be removed Macintosh: MacLeland will be removed SDT Requires Oracle Calendar Client Version 10 Kerberos for Windows is installed with SDT Samson for Windows, now used only for access to Spires applications and databases, appears to work with KfW, but this configuration isn’t supported Stanford Desktop Tools: Authentication:  Stanford Desktop Tools: Authentication SDT Provides Kerberos 5 Authentication Services Mac OS X (as of 10.2) ships with MIT Kerberos pre-installed SDT configures the Mac’s Kerberos software for use at Stanford The SDT dock icon menu provides easy access to an authentication dialog box and to Kerberos ticket status information Windows’ native Kerberos has to be supplemented The SDT installer also installs MIT Kerberos for Windows, including Network Identity Manager (NIM), and configures it for use at Stanford The SDT system tray icon functions like the Mac’s dock icon SDT allows concurrent user authentication to Stanford’s WIN.STANFORD.EDU and Kerberos realms on machines joined to the Stanford Windows Infrastructure NIM’s 'New Credentials' dialog box replaces PC-Leland’s log-on screen MIT Kerberos for Windows shows up as a separate software package in Add/Remove Programs All MIT Kerberos distributions include many useful command line tools Network Identity Manager Log-on Prompt:  Network Identity Manager Log-on Prompt Mac Kerberos Authentication Prompt:  Mac Kerberos Authentication Prompt Stanford Desktop Tools: Software Update:  Stanford Desktop Tools: Software Update SDT Keeps Essential Stanford Software Up-to-Date SDT’s Software Update works the same on Mac and Windows You configure SDT to check for updates on a schedule you prefer The default setting is to check once per week at noon You may specify daily, weekly or monthly checks at any hour You also specify which applications you want to keep updated For now SDT can only update or install a subset of all ESS software In a coming version SDT won’t be thus limited SDT is self-updating, unless you configure it not to be In SDT’s main window there is a link to a web page with more information about each application that it can install or update SDT’s System Tray or Dock Icon Is a Gateway… To Kerberos tools, software update tools, optionally AFS tools… Stanford Desktop Tools: Main Window:  Stanford Desktop Tools: Main Window Stanford Desktop Tools: Preferences:  Stanford Desktop Tools: Preferences Stanford Desktop Tools: OpenAFS:  Stanford Desktop Tools: OpenAFS If You Install OpenAFS, SDT Provides Quick Access The SDT system tray or dock icon menu lets you launch the AFS Controller or mount recently accessed AFS volumes from a list Windows: right-click the SDT system tray icon Mac: right-click, ctrl-click, or click-hold the dock icon OpenAFS provides context menus for both Mac OS and Windows If you right-click or ctrl-click an AFS directory in the Mac’s Finder or in Windows Explorer, there will be an AFS menu item that you can use to view or set ACLs, etc OpenAFS, as the name suggests, is an open source project The GUI AFS Controller has been developed at Stanford We have a good working relationship with the OpenAFS project team, but can only influence, not control, the direction of future development Stanford Desktop Tools: Single Sign-on:  Stanford Desktop Tools: Single Sign-on What Is Single Sign-on? A single log-in gains you access to multiple resources, such as web applications, that require you to identify, or 'authenticate,' yourself In other words, you don’t have to enter your password so often SDT Makes Single Sign-on Easier—but… At present only two groups of users will benefit Mac users, especially those whose local account’s short name and password match their SUNet ID and password exactly Windows users whose PCs are joined to the Stanford Windows Infrastructure and who log on to their WIN account The SDT for Windows installer configures both IE and Firefox for Stanford single sign-on SDT for the Mac will soon also configure Firefox, while Safari requires no special configuration Single Sign-on Continued:  Single Sign-on Continued Manual Configuration of Your Browser Is Easy Instructions are available here: And once you’ve configured the browser, you’ll also need to visit another web page where you’ll click a 'Test' and then an 'Enable' button that sets a persistent HTTP cookie for Stanford’s weblogin servers: Yesterday (22 February) Single Sign-on for Web Applications Became Possible for Windows Users The 2-way cross-realm trust between Stanford’s Windows Kerberos realm and the *nix-based MIT Kerberos 5 realm is now complete Again, only users who log on to Stanford’s WIN domain can benefit Some web applications (Axess, e.g.) still require a separate log-on Weblogin “Advanced Settings”:  Weblogin 'Advanced Settings' Weblogin “Advanced Settings”:  Weblogin 'Advanced Settings' Enabling HTTP Negotiate for Weblogin:  Enabling HTTP Negotiate for Weblogin On the Horizon:  On the Horizon Many Improvements to SDT Are Coming The ability to install and update site-licensed software that requires user authentication for download A revamped and more 'intuitive' user interface Performance enhancements, and oh so much more! MIT Kerberos for Windows 3.2 Expected in Spring A friendlier user interface that better hides all the geeky stuff Full support for Windows Vista (3.1 already runs on Vista, but it’s not supported on that platform) The 'New Credentials' dialog box will take focus as the frontmost window when authentication is required NIM Will Be Able to Change SUNet ID Passwords Probably by late March, once K5 is Stanford’s master realm for passwords: meanwhile it is recommended that one use the StanfordYou web site for password changes Moving to Stanford Desktop Tools:  Moving to Stanford Desktop Tools As of April 2008, When Stanford’s Kerberos 4 Realm Joins Other Forgotten Kingdoms in the Dustbin of History, No One Should Be Using PC-Leland or MacLeland Encourage the Computer Users You Support to Adopt SDT Sooner Rather Than Later When they get a new computer After a big annual deadline When other upgrades are happening SDT Is Self-Updating: To Have It Is Always to Have the Latest Version! As well as the latest versions of MIT Kerberos for Windows, OpenAFS (if installed), and other ESS software, with all the improvements, bug fixes, and security patches that the release of new software portends A Tech Express Talk on SDT Is Scheduled for March 22nd Frequently Asked Questions:  Frequently Asked Questions Frequently Asked Questions and Their Answers Are Now Available on the Stanford IT Services FAQ Site: Links for More Information:  Links for More Information SDT Documentation on the ESS Site SDT FAQ Pages;cat=23;cat=24 SDT Release Notes MIT Kerberos OpenAFS Project Stanford AFS Software Download and Documentation Any questions at the present time? We’re here to help you.If you do have questions, comments orconcerns about Stanford Desktop Tools:  Any questions at the present time? We’re here to help you. If you do have questions, comments or concerns about Stanford Desktop Tools:

Add a comment

Related presentations

Related pages

Stanford Desktop Tools | Many PPT

Stanford Desktop Tools STANFORD UNIVERSITY ? INFORMATION TECHNOLOGY SERVICES . Stanford Desktop Tools . Making the Move from MacLeland and PC-Leland to
Read more

MEPAG Briefing of Final Report of the 2020 Mars Rover ...

MEPAG Briefing of Final Report of the 2020 Mars Rover Science Definition Team (SDT) 2020 Mars Rover Science Definition Team (Jack Mustard, Chair)
Read more

Defensive Driving - SAFE DRIVE TRAINING - Defensive and ...

Defensive and Advanced Driving by Safe Drive Training - Asia-Pacific's leading driver training company
Read more

SDT Analyst Opinion | SandRidge Mississippian Trust I ...

See stock analyst recommendations for SandRidge Mississippian Trust I (SDT), including history of rankings (upgrades, downgrades).
Read more

Comet Surface Sample Return Mission Study Objectives

Comet Surface Sample Return Mission Study Objectives ... Tech, Cost, Sci value, Cost ... 2007 Nov 8 OPAG Briefing 13 Target Selection (2) SDT identified 9 ...
Read more

City briefing | Business | The Guardian

City briefing Friday 15 February ... Michael Wilson-Smith, a former solicitor, Minesh Ruparelia, a former solicitor, ... tech arts lifestyle fashion
Read more

SDT meeting #10 - NASA Solar System Exploration

SDT meeting #10 JPL, Pasadena February 4, 2014 Goals and Agenda Louise Prockter . Meeting Goal Develop recommendations on how to incorporate
Read more

University of North Dakota

UND Tech Accelerator; ... Briefing Paper; About JDOSAS; ... University of North Dakota. Explore. Job Openings; Health & Wellness; Libraries; Housing;
Read more

Ppt How-big-is-a-bug-mac-os-x-server | Powerpoint ...

View and Download PowerPoint Presentations on HOW BIG IS A BUG MAC OS X SERVER PPT. Find PowerPoint Presentations and Slides using the power of XPowerPoint ...
Read more