From: Nicola Foggi - Resnet Tech (nfoggi@resnet.depaul.edu)
Date: Fri Mar 30 2001 - 17:09:07 CST
We have implemented this at DePaul University... the DNS redirect happens
and sends them to http://apply.resnet.depaul.edu which then has a simple
php script that determines if they are on campus or off (to prevent
outside users hitting the site). If it's internal it does an http redirect
to https://apply.resnet.depaul.edu (which also checks to make sure
the host IP is internal to DePaul) which then starts the registration
process. Being the user first hits the non-secure site, there is no
problem with the certificate because the redirect puts the correct name
in.
We've actually taken security a step further and have an open SSH tunnel
between our registration server and the student email system. When they
type in their user name and password, it passes that information through
the SSH tunnel, so it's never passed plain text...
I think it's something that should definitely be considered as plain text
passwords anywhere is generally not a good thing...
Nicola Foggi
Information Services
DePaul University
>
> hello netreg folk;
>
> we're planning on implementing netreg here on campus at uchicago. it
> should go quite well. one thing, though:
>
> i noticed (when looking through the INSTALL.html) that the default is
> /not/ to use a secure http server when the users are putting in their
> usernames/passwords to authenticate with the netreg machine. i remember
> reading in the sysadmin article that southwestern uses the email
> password to do this...aren't you worried about people sniffing email
> passwords?
>
> a question that's more to the point is this: would it be worthwhile and
> possible to implement something like that?
>
> take care,
> loren
>
> **********************************************************************
> To unsubscribe from this list, send an e-mail message to
> majordomo@southwestern.edu containing a single line with the words:
> unsubscribe netreg
> Send requests for assistance to: owner-netreg@southwestern.edu
> **********************************************************************
>
This archive was generated by hypermail 2.1.4 : Thu Aug 12 2004 - 12:01:35 CDT
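
The on-campus check and HTTP-to-HTTPS redirect described in the reply above, as an added PHP example that is not part of the original message and is not DePaul's actual script. The address ranges are documentation placeholders and the function names `ip_in_cidr` and `gate` are hypothetical; the same `gate` decision is meant to run on both the HTTP and the HTTPS side, as the reply describes.

```php
<?php
// Added example, not DePaul's script. Ranges are documentation placeholders
// (RFC 5737 / RFC 3849), not campus networks; function names are hypothetical.
const INTERNAL_RANGES = ['192.0.2.0/24', '2001:db8::/32'];
const SECURE_URL = 'https://apply.resnet.depaul.edu/'; // host name from the post
// True if $ip lies inside $cidr (IPv4 or IPv6).
function ip_in_cidr(string $ip, string $cidr): bool {
    [$net, $bits] = array_pad(explode('/', $cidr, 2), 2, null);
    $ipBin  = @inet_pton($ip);
    $netBin = @inet_pton($net);
    if ($ipBin === false || $netBin === false || strlen($ipBin) !== strlen($netBin)) {
        return false; // unparsable address or IPv4/IPv6 mismatch
    }
    $max  = strlen($ipBin) * 8;
    $bits = $bits ?? (string) $max;
    if (!ctype_digit($bits) || (int) $bits > $max) { return false; }
    $full = intdiv((int) $bits, 8);   // whole bytes covered by the prefix
    $rem  = (int) $bits % 8;          // leftover bits in the next byte
    if (substr($ipBin, 0, $full) !== substr($netBin, 0, $full)) { return false; }
    if ($rem === 0) { return true; }
    $mask = (0xFF << (8 - $rem)) & 0xFF;
    return (ord($ipBin[$full]) & $mask) === (ord($netBin[$full]) & $mask);
}

// Decide one request: [HTTP status, Location header or null].
function gate(string $remoteAddr, bool $isHttps): array {
    foreach (INTERNAL_RANGES as $cidr) {
        if (ip_in_cidr($remoteAddr, $cidr)) {
            // On campus: plain HTTP is redirected, HTTPS may proceed.
            return $isHttps ? [200, null] : [302, SECURE_URL];
        }
    }
    return [403, null]; // off campus: refused on the HTTP and the HTTPS side
}

if (PHP_SAPI !== 'cli') {
    // Use the socket peer address, never a client-supplied header.
    $tls = !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off';
    [$status, $location] = gate($_SERVER['REMOTE_ADDR'] ?? '', $tls);
    http_response_code($status);
    if ($location !== null) { header('Location: ' . $location); }
    if ($status !== 200) { exit; } // otherwise the registration form follows
} else {
    // Constructed sample requests for an offline run.
    foreach ([['192.0.2.77', false], ['192.0.2.77', true], ['198.51.100.9', true]] as [$ip, $tls]) {
        [$status, $location] = gate($ip, $tls);
        printf("%-13s https=%d -> %d %s\n", $ip, $tls, $status, $location ?? '');
    }
}
```

If the web server sits behind a reverse proxy, `REMOTE_ADDR` is the proxy's address and the check has to be done at the proxy instead.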