Netron-built Computer Authorization System Helps the University of Toronto handle the Double Cohort
Sunday, 25 May 2008 16:43
The University of Toronto's Information Commons is responsible for the campus-wide computing infrastructure. IC has a mission to support and expand on-campus access to information technology resources to its students, faculty and staff.

In the spring of 2003, IC faced an interesting challenge. Since 1999, the Ontario secondary school system had been phasing out its five-year OAC program, replacing it with a four-year program. In June 2003, the final group of OAC students graduated together with the first group from the new four-year program, creating a one-time surge of high-school graduates known as the "Double Cohort". At its peak in 2004-2005, some 33,500 additional secondary school graduates would be seeking a university education. The need to support a nearly 50% increase in freshman enrollment would stretch Information Commons' resources to the limit.

One resource in particular that expected much heavier demand was the Information Commons Public Access Facility, or PAF. The PAF provides computer workstations and printers that are publicly accessible to all students and faculty on a first-come, first-served basis. In years past, the equipment was available for use in a fairly unsupervised way: anonymous members of the public could walk in off the street to surf the Internet, and students could tie up a workstation all day if they wanted. This situation created a large backlog of people waiting to use the PAF computers. The Double Cohort would make the problem much worse: access to public terminals had to be controlled more rigorously, and time limits per user would have to be set, all without hiring more staff, purchasing more workstations or allocating more floor space.

The proposed solution: build a new Authentication/Authorization and Logging System which allows access to computing resources within a controlled environment. However, this would mean somehow integrating three different existing authentication systems running on three different operating systems into a single logon screen. Even worse, it had to be built, tested and installed before the first freshman showed up in September 2003, and it was already May! Information Commons approached Netron for help. In record time, Netron consultants built a single sign-on authentication system that integrated the Windows NT logon, the NetWare file server directory service, and authentication against a central Unix LDAP database.

The Authentication/Authorization and Logging System is broken up into two separate entities: one deals with verifying users' credentials and setting their session up correctly, and the other tracks the amount of time the user spends logged on from any PAF workstation during the day.

Using a customized Windows logon interface tied to NetWare and Kerberos, plus a custom LDAP (Lightweight Directory Access Protocol) gateway, users are now verified at login against the existing main university database. Of course, there is still an occasional need for outside users to have access. These users can register for temporary guest accounts after showing a piece of valid identification. The need to support such users via anonymous access is eliminated.

Once the user is logged in, the duration of the session is tracked, even if they log off at one workstation and log on at another. An icon in the system tray shows them how much time they have remaining. Once their daily allocation is used up, or the facility is closing, the user is automatically logged off and cannot log back in until the next day. As the session expiry time approaches, warnings at intervals give the user time to save work and exit so that they are not caught off-guard by the automatic logoff.

The system administrator is able to block any PAF user who abuses their privileges; this will not affect their access to any other part of the university with their login ID credentials. The system also supports different types of users; for example, a guest account may only have Internet access, whereas a professor or graduate student can have a large set of applications at their disposal, with a larger time allocation.
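The session-tracking half of the system, as the two preceding paragraphs describe it, has a small set of rules: time is charged to the user rather than to the workstation, so logging off at one machine and on at another continues the same daily total; the user is warned at intervals before expiry; the session is forcibly ended when the allocation runs out or the facility closes, with no re-entry until the next day; each user type gets its own allocation; and an administrator can block a user from the PAF alone without touching the university login. The following is an added illustration of those rules written for this page, not Netron's or Information Commons' implementation, which the page does not describe in detail. The per-type allowances, the warning points, the closing time, the rule that a user holds only one active session at a time, and all names and sample values are assumptions.

```python
"""Illustrative daily-quota tracker for a shared-workstation facility.

Added example, not Netron's or the University of Toronto's code. The
allowances, warning points, closing time and one-session-per-user rule are
assumptions chosen for the illustration.
"""
from dataclasses import dataclass
from datetime import date, datetime, time, timedelta
from typing import Callable, Dict, List, Set

# Assumed daily allowances per user type; the page only says guests get less.
ALLOWANCE = {
    "guest": timedelta(minutes=60),
    "student": timedelta(minutes=180),
    "faculty": timedelta(minutes=480),
}
# Assumed points (time remaining) at which the tray agent warns the user.
WARNING_POINTS = (timedelta(minutes=15), timedelta(minutes=5), timedelta(minutes=1))
CLOSING_TIME = time(22, 0)  # assumed facility closing time


@dataclass
class Session:
    workstation: str
    started: datetime


class QuotaTracker:
    """Tracks each user's cumulative PAF time for the current day.

    Time is charged per user, not per workstation, so moving between
    machines does not reset the clock. A separate PAF block list lets an
    administrator revoke facility access without touching the user's
    university credentials.
    """

    def __init__(self, clock: Callable[[], datetime]) -> None:
        self.clock = clock  # injectable so the behaviour can be tested offline
        self.used: Dict[str, timedelta] = {}
        self.usage_day: Dict[str, date] = {}
        self.active: Dict[str, Session] = {}
        self.warned: Dict[str, Set[timedelta]] = {}
        self.paf_blocked: Set[str] = set()

    def _roll_day(self, user: str) -> None:
        """Reset the user's consumed time on the first touch of a new day."""
        today = self.clock().date()
        if self.usage_day.get(user) != today:
            self.usage_day[user] = today
            self.used[user] = timedelta(0)
            self.warned[user] = set()

    def remaining(self, user: str, role: str) -> timedelta:
        """Allowance minus time already charged minus the running session."""
        self._roll_day(user)
        spent = self.used[user]
        session = self.active.get(user)
        if session is not None:
            spent += self.clock() - session.started
        return max(ALLOWANCE[role] - spent, timedelta(0))

    def login(self, user: str, role: str, workstation: str) -> str:
        """Return 'ok' or the reason the PAF logon was refused."""
        if user in self.paf_blocked:
            return "refused: blocked from PAF by administrator"
        if self.clock().time() >= CLOSING_TIME:
            return "refused: facility closed"
        if user in self.active:  # assumption: one active session per user
            return f"refused: already logged on at {self.active[user].workstation}"
        if self.remaining(user, role) == timedelta(0):
            return "refused: daily allocation used up"
        self.active[user] = Session(workstation, self.clock())
        return "ok"

    def logout(self, user: str) -> None:
        """Charge the finished session to today's total."""
        session = self.active.pop(user, None)
        if session is not None:
            self._roll_day(user)
            self.used[user] += self.clock() - session.started

    def tick(self, user: str, role: str) -> List[str]:
        """Called periodically by the tray agent; returns messages to display."""
        messages: List[str] = []
        if user not in self.active:
            return messages
        left = self.remaining(user, role)
        if left == timedelta(0) or self.clock().time() >= CLOSING_TIME:
            self.logout(user)
            why = "daily allocation used up" if left == timedelta(0) else "facility closing"
            messages.append(f"logged off: {why}")
            return messages
        crossed = [p for p in WARNING_POINTS if left <= p and p not in self.warned[user]]
        if crossed:  # warn once per threshold, never repeat the same warning
            self.warned[user].update(crossed)
            minutes = int(left.total_seconds() // 60)
            messages.append(f"warning: {minutes} min remaining, save your work")
        return messages

    def block(self, user: str) -> None:
        """Revoke PAF access only; the university login ID is untouched."""
        self.paf_blocked.add(user)
        self.logout(user)
```

The clock is injected rather than read from the system so the day rollover, the warning thresholds and the closing-time logoff can be exercised deterministically; in a deployment the same object would be driven by the real clock and by periodic calls from the tray agent on whichever workstation the user currently occupies.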

The end result: Information Commons can now support more users with the same amount of hardware and staff, with fewer administrative headaches and greater control.

