On the METU campus, central computer-based services are provided by Unix/Linux operating system derivatives. Services are given to users under the supervision of the Computer Center (CC), with user codes stored on the central systems. In other words, to gain access to central IT services, users have to use the user codes defined on the central systems. Besides the public-use computer labs established and run by CC staff and spread all around the campus, there are computer labs established and run by the departments themselves for their own students, and in addition there are the computers that staff use in their offices. To access the central systems from any of these computers, for example to get printout service, login must be done with a registered user name and password. When access to the central systems is done with the user name/password pair, it becomes easier to keep statistics on logins to and logouts from the systems.
In common practice, while the operating systems and the software running on them at the central servers are open source and can be configured as needed, on the client side most of the operating systems are closed-source members of the Microsoft Windows family. MS Windows operating systems can perform central identity validation only against an "NT Domain Controller" or "Active Directory" structure.
The user name/password pair and other necessary user and system information on the central servers can be accessed only through the LDAP (Lightweight Directory Access Protocol) service running on the central servers. LDAP is a lightweight version of the X.500 directory access protocol and provides access only over TCP/IP, either in plain text or encrypted with SSL/TLS. LDAP is a database in which identity information is kept in a hierarchical structure and which is generally accessed read-only. The kind of information kept in this database includes groups, objects, object classes, persons, organizational groups, and user attributes such as name, last name, e-mail address, telephone number and home directory. Although Active Directory is built on the LDAP structure, it is not compatible with the LDAP running on Unix/Linux systems. Although there are different LDAP server software packages, the open source OpenLDAP server software can be downloaded from http://www.openldap.org and installed and configured. At that address and in many other places there is plenty of detailed documentation about the software.
On the computers in the METU CC labs, either MS Windows or Linux operating systems are offered via "dual boot" at startup. Users choose the operating system at boot time.
Linux operating systems can perform identity validation against the LDAP service without any additional software. The packages necessary for the LDAP client to function (the LDAP client package, the related library packages, the pam-ldap and nss-ldap packages, and the SSL library packages if encryption is used) can be installed during or after system installation, and the system can then be accessed using LDAP authorization. Depending on the version used, the configuration can be done with the help of a graphical interface or by editing the configuration files ldap.conf and pam_ldap.conf directly.
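The configuration files named above are where the plain-versus-SSL/TLS choice from the LDAP description is actually made on a client. As an added example that is not part of the article, the following Python script parses a PADL-style pam_ldap.conf and flags a client that would send its simple binds in cleartext or accept an unverified server certificate; the host names, paths and both sample files are constructed.

```python
# Added example (not from the article): audit a PADL-style pam_ldap.conf / ldap.conf
# for settings under which the LDAP simple bind (the user's password) crosses the
# network in the clear or the server certificate is not verified.  Directive names
# are the real PADL ones; both sample configurations below are constructed.

WEAK_CONF = """\
# constructed sample: lab client bound to the campus LDAP server without TLS
host ldap.example.edu
base dc=example,dc=edu
ssl no
"""

HARDENED_CONF = """\
# constructed sample: StartTLS on port 389 with a verified server certificate
uri ldap://ldap.example.edu/
base dc=example,dc=edu
ssl start_tls
tls_checkpeer yes
tls_cacertfile /etc/ssl/certs/campus-ca.pem
"""

def parse_ldap_conf(text):
    """Parse 'directive value' lines into a dict; '#' comments and blanks are skipped."""
    conf = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split(None, 1)
        conf[parts[0].lower()] = parts[1].strip() if len(parts) > 1 else ""
    return conf

def audit_ldap_client(conf):
    """Return a list of findings; an empty list means the bind is protected."""
    findings = []
    ssl = conf.get("ssl", "no").lower()
    # 'ssl on' or an ldaps:// URI wraps the whole session in TLS; 'ssl start_tls'
    # upgrades the plain port 389 connection before the bind request is sent.
    encrypted = ssl in ("on", "start_tls") or conf.get("uri", "").lower().startswith("ldaps://")
    if not encrypted:
        findings.append("simple bind without TLS: passwords cross the network in cleartext")
        return findings  # certificate checks only matter once TLS is in use
    if conf.get("tls_checkpeer", "no").lower() != "yes":
        findings.append("tls_checkpeer is not 'yes': any server certificate is accepted")
    if not (conf.get("tls_cacertfile") or conf.get("tls_cacertdir")):
        findings.append("no tls_cacertfile/tls_cacertdir: no trust anchor to verify the server")
    return findings
```

Calling `audit_ldap_client(parse_ldap_conf(open("/etc/pam_ldap.conf").read()))` on a lab client lists what would need to change before that machine is pointed at the central LDAP server.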
The pGina software can be used to make MS Windows operating systems perform identity validation against the central LDAP service. pGina is open source software that enables Windows systems to work with external authorization services in place of an NT Domain Controller or Active Directory. The authorization services supported by pGina are mainly LDAP, PAM, FTP Profile, MySQL, POP3, NIS and RADIUS. Work on further authorization services is continuing. The source code and the executable installers of pGina can be obtained from http://www.pgina.org/.
pGina consists of two main parts. First, the base pGina software is installed; here the authorization plug-in to be used by the main software, whether profiles are to be kept, group memberships, privileges and other options are set.
Next, the authorization service plug-in to be used is installed and configured. Since LDAP authorization is used on the METU central servers, the installation and configuration of the LDAP plug-in is shown here. During configuration, the DNS name of the LDAP server, the LDAP method, whether SSL is to be used, the user information search directories (contexts) and other options can be set.
Although there may be differences depending on the configuration settings, the standard Windows login window will look like the one shown below.
In the METU Computer Center labs, information about users' log-in/log-out times and purposes, computer downtime, and operator entry/exit used to be kept on the operator's computer through the labpro software interface, developed by the Computer Center using the open source PostgreSQL (database), PHP (compiler) and Apache (web server) software.
Since the introduction of the pGina application, users now log in using their central user name/password pair, and the user information is automatically transferred to the labpro software via hamdi (the central listener/confirmer) through the interfaces himbil (for Windows clients) or dimbil (for Linux clients), all of which were developed by the Computer Center.
In this study, the possibility of joining Windows systems without the use of NT Domain Controller/Active Directory, solely with the central user names, and of structuring this as needed with intermediary software, has been analyzed.
A solution is always possible as long as there is open source software. That is why we should continue to advocate and support open source software.
Hoping to see you again in our next issue.
Selçuk Han AYDIN