CUWebLogin

  • Provides Kerberos AuthN and Single Sign-On for CUWebAuth
    • Custom solution developed at Cornell
    • Written in C
  • Is a Kerberos proxy
  • NetID/password is supplied to CUWebLogin via login web page
    • Uses SSL
    • Uses Apache to serve up login web page
    • CUWebLogin authenticates via Kerberos on user's behalf
  • Uses CUSSP to transfer information between CUWebAuth and CUWebLogin
  • Uses DBM to store session information
  • Uses Kerberos 4 for NetIDs
  • Uses Kerberos 5 for GuestIDs
  • The same login web page is used for NetIDs and GuestIDs
  • Will be replaced by CUWebLogin 2.0
    • All new design
  • Production: 2 machines
  • No dynamic load balancing
    • CUWebAuth can be configured to use either of the 2 CUWebLogin servers
  • Fail over happens via CUWebAuth
    • CUWebAuth tries primary CUWebLogin server
    • If that fails, it tries the secondary
  • OS: Solaris 5.9
  • Machines are in server farm (Sun Sparc)
    • Two factor AuthN required for SSH login
    • Machines are split between Rhodes and CCC
  • Test: 2 machines
  • Dev: 2 machines
  • No labels