User database, authentication and authorisation: Difference between revisions

From techdocs
Revision as of 10:42, 28 August 2023

Generally speaking, all users of a CSG-managed host, such as a lab computer, a VLAB host or a login server, will have an account in one of CSE's user databases (UDBs). There are two of these: the Old UDB and the New UDB.

The Old UDB is legacy and is expected to be decommissioned eventually; however, some legacy hosts will continue to use it.

The New UDB is the Old UDB's replacement, based on PostgreSQL and LDAP. The contents of the two UDBs are kept synchronised.

Both UDBs provide:

  1. Linux account information for each user: UID, GID, home directory path/location and encrypted password
  2. A hierarchical class membership structure, where each user can be a member of one or more classes; such membership identifies the role(s) each user plays in the school and potentially grants access to particular resources
  3. (New UDB only) Email and mailing list management tables. These tables are loosely coupled to the account information in the UDB, allowing, amongst other things, users to create and manage their own mailing lists
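The second item above describes a hierarchical class membership structure in which a user's direct class memberships imply membership of parent classes, and resource access is granted per class. The following is an added example, not code or schema from the CSE UDBs: it resolves a user's effective classes by walking a constructed parent table and then checks access to a constructed resource policy. All class names, user identifiers and resource names here are illustrative assumptions.

```python
"""Resolve hierarchical class membership and check resource access.

Constructed example: the hierarchy, users and resources below are
illustrative and do not reflect the real CSE UDB contents or schema.
"""

# Constructed hierarchy: child class -> parent class. A class with no
# entry here is a top-level class.
CLASS_PARENTS = {
    "COMP1531_student": "student",
    "COMP1531_tutor": "tutor",
    "COMP2041_tutor": "tutor",
    "tutor": "staff",
    "student": "user",
    "staff": "user",
    "class_account": "user",
}

# Constructed direct memberships: account name -> classes assigned directly.
USER_CLASSES = {
    "z1234567": {"COMP1531_student"},                   # a student (person)
    "z7654321": {"COMP1531_tutor", "COMP2041_tutor"},   # a tutor (person)
    "comp1531": {"class_account"},                      # a non-person class account
}

# Constructed access policy: resource -> classes that may use it. Membership
# of a parent class is sufficient, so "user" covers every account under it.
RESOURCE_ACCESS = {
    "lab-login": {"user"},
    "COMP1531-marking": {"COMP1531_tutor", "staff"},
}


def effective_classes(user):
    """Return every class the user belongs to, directly or via an ancestor.

    Uses an explicit stack and a visited set so that a mis-entered cycle in
    CLASS_PARENTS terminates instead of looping forever.
    """
    result = set()
    stack = list(USER_CLASSES.get(user, ()))
    while stack:
        cls = stack.pop()
        if cls in result:
            continue
        result.add(cls)
        parent = CLASS_PARENTS.get(cls)
        if parent is not None:
            stack.append(parent)
    return result


def may_access(user, resource):
    """True if any of the user's effective classes is permitted for the resource.

    An unknown user or an unknown resource yields False (deny by default).
    """
    allowed = RESOURCE_ACCESS.get(resource, set())
    return bool(effective_classes(user) & allowed)


if __name__ == "__main__":
    for account in ("z1234567", "z7654321", "comp1531", "nobody"):
        print(account, sorted(effective_classes(account)),
              "lab-login" if may_access(account, "lab-login") else "-",
              "marking" if may_access(account, "COMP1531-marking") else "-")
```

The deny-by-default behaviour for unknown users and resources, and the cycle guard in the hierarchy walk, are the two properties worth checking when such a lookup is used for access decisions.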

Authentication

For actual people, authentication in CSG-managed systems is almost always done using UNSW's zID/zPass system via Kerberos queries to UNSW's Active Directory (AD) servers.

In addition to accounts for actual people, the UDBs maintain user accounts for non-person entities such as class accounts (for example, for COMP1531) and special-purpose logins (such as those used during exams as part of the virtual exam environment setup on lab computers and VLAB). These are not authenticated via zID/zPass; instead they use local CSE encrypted passwords stored in the UDBs.