CalAgenda passwords (was Re: E-mail passwords)

On Thu, 16 Nov 2006, Mimi Mugler wrote:

> Tom:
> The plan for CalAgenda is to have it be able to use the
CalNet ID and 
> password. I think this will be possible when 11g comes
along next year as we 
> will be able to connect directly to the directory with
that version. In the 
> meantime, we should be able to get CalNet integration
working for those on 
> Active Directory and for those using the web client
without waiting for 11g. 
> I'm not working on these projects so I don't know the
exact time frame. These 
> fixes would negate the necessity for separate CalAgenda
password mechanisms.

My understanding from Sarah is that CalAgenda intentionally
doesn't track 
CalNet IDs for students (as opposed to staff & faculty),
since their CalNet 
IDs are the same as their student ID numbers, and CalAgenda
does not want to 
store student ID numbers.  Will this be obviated somehow in
11g, and students 
will be able to use their CalNetID & password to auth to
CalAgenda?


>
> Mimi
>
> At 1:04 PM -0800 11/16/06, Tom Maher wrote:
>> On Thu, 16 Nov 2006, Mimi Mugler wrote:
>> 
>>> Do you mean to *reset* their CalAgenda password
when they have forgotten 
>>> it?
>> 
>> Yes, but also to set it initially.  I imagine it
working something like...
>> 
>> 1) User asks me (the departmental CalAgenda support
person) for a CalAgenda
>>    account.
>> 
>> 2) I handle whatever procedures happen on my end,
and I send mail to
>>    calagenda-admin asking for the account to be
created.
>> 
>> 3) CalAgenda creates the account, but sets the
password to some arbitrarily
>>    long garbage string.
>> 
>> 4) CalAgenda emails me saying the account is ready.
>> 
>> 5) I mail the user, and tell them to go set their
password before they can 
>> use
>>    the account.
>> 
>> 6) User goes to htt
p://calagenda.berkeley.edu/set_my_password.cgi, logs in
>>    with their CalNet ID and password, and sets
their CalAgenda password.
>> 
>> 7) User can then log in to CalAgenda, and nobody
other than the actual 
>> person
>>    ever knows their password.
>> 
>> I realize this doesn't handle affiliate, role, and
resource accounts (I 
>> think I'm getting those terms right).  For them,
the current procedure 
>> would continue, I suppose.
>> 
>> --
>> Tom Maher       | EECS Dept, 327 Soda Hall, Univ.
of California, Berkeley
>> +1-510-717-4190 | Berkeley, CA, 94720-1776
>> 
>>
------------------------------------------------------------
------------
>> The following was automatically added to this
message by the list server:
>> 
>> For information about Micronet, including
subscribing to
>> or unsubscribing from its mailing list and finding
out
>> about upcoming meetings, please visit the Micronet
Web site:
>> <http://micronet.be
rkeley.edu/>.
>
>
>

-- 
Tom Maher       | EECS Dept, 327 Soda Hall, Univ. of
California, Berkeley
+1-510-717-4190 | Berkeley, CA, 94720-1776

------------------------------------------------------------
------------
The following was automatically added to this message by the
list server:

For information about Micronet, including subscribing to
or unsubscribing from its mailing list and finding out
about upcoming meetings, please visit the Micronet Web site:
<http://micronet.be
rkeley.edu/>.

>On Thu, 16 Nov 2006, Mimi Mugler wrote:
>
>>Tom:
>>The plan for CalAgenda is to have it be able to use
the CalNet ID 
>>and password. I think this will be possible when 11g
comes along 
>>next year as we will be able to connect directly to
the directory 
>>with that version. In the meantime, we should be
able to get CalNet 
>>integration working for those on Active Directory
and for those 
>>using the web client without waiting for 11g. I'm
not working on 
>>these projects so I don't know the exact time frame.
These fixes 
>>would negate the necessity for separate CalAgenda
password 
>>mechanisms.
>
>My understanding from Sarah is that CalAgenda
intentionally doesn't 
>track CalNet IDs for students (as opposed to staff &
faculty), since 
>their CalNet IDs are the same as their student ID
numbers, and 
>CalAgenda does not want to store student ID numbers. 
Will this be 
>obviated somehow in 11g, and students will be able to
use their 
>CalNetID & password to auth to CalAgenda?

Tom:
(trying to respond below, which should serve to confuse and
anger 
both people who like it chronologically and
non-chronologically, 
since I responded to you above previously.)

The issue was that one could enter a student ID into a
search field 
and discover a student's information. I believe that
functionality is 
being changed at our request. There may also be plans in the
works to 
either set the CalNet ID to something other than the student
ID or to 
allow students to change it as employees are currently
allowed to do. 
Also, the lion's share of accounts belong to people who also
have 
employee status so that we usually have an employee ID to
work with 
anyway.

Mimi


>
>
>>
>>Mimi
>>
>>At 1:04 PM -0800 11/16/06, Tom Maher wrote:
>>>On Thu, 16 Nov 2006, Mimi Mugler wrote:
>>>
>>>>Do you mean to *reset* their CalAgenda
password when they have 
>>>>forgotten it?
>>>
>>>Yes, but also to set it initially.  I imagine it
working something like...
>>>
>>>1) User asks me (the departmental CalAgenda
support person) for a CalAgenda
>>>    account.
>>>
>>>2) I handle whatever procedures happen on my
end, and I send mail to
>>>    calagenda-admin asking for the account to be
created.
>>>
>>>3) CalAgenda creates the account, but sets the
password to some arbitrarily
>>>    long garbage string.
>>>
>>>4) CalAgenda emails me saying the account is
ready.
>>>
>>>5) I mail the user, and tell them to go set
their password before 
>>>they can use
>>>    the account.
>>>
>>>6) User goes to htt
p://calagenda.berkeley.edu/set_my_password.cgi, logs in
>>>    with their CalNet ID and password, and sets
their CalAgenda password.
>>>
>>>7) User can then log in to CalAgenda, and nobody
other than the 
>>>actual person
>>>    ever knows their password.
>>>
>>>I realize this doesn't handle affiliate, role,
and resource 
>>>accounts (I think I'm getting those terms
right).  For them, the 
>>>current procedure would continue, I suppose.
>>>
>>>--
>>>Tom Maher       | EECS Dept, 327 Soda Hall,
Univ. of California, Berkeley
>>>+1-510-717-4190 | Berkeley, CA, 94720-1776
>>>
>>>------------------------------------------------
------------------------
>>>The following was automatically added to this
message by the list server:
>>>
>>>For information about Micronet, including
subscribing to
>>>or unsubscribing from its mailing list and
finding out
>>>about upcoming meetings, please visit the
Micronet Web site:
>>><http://micronet.be
rkeley.edu/>.
>>
>>
>>
>
>--
>Tom Maher       | EECS Dept, 327 Soda Hall, Univ. of
California, Berkeley
>+1-510-717-4190 | Berkeley, CA, 94720-1776


-- 
**********************************
Mimi Mugler
Programmer/Analyst
IST-IS-IA, UC Berkeley
mmuglerberkeley.edu
510.642.6157

------------------------------------------------------------
------------
The following was automatically added to this message by the
list server:

For information about Micronet, including subscribing to
or unsubscribing from its mailing list and finding out
about upcoming meetings, please visit the Micronet Web site:
<http://micronet.be
rkeley.edu/>.

Hello all,

I'm gonna piggy-back on this thread (CalAgenda/Calnet IDs)
with a new one.
We want to set up an electronic timesheet approval process
that takes place
online. In order to pass campus audit requirements, it's
been suggested that
security for this approval system has to meet CalNet ID
requirements.
Regardless of passwords, my primary concern at the moment is
how the user is
authenticated in our system if we do NOT use CalNet ID. In
other words, the
application in question currently bases it's security access
rights on the
users machine-level login name and password. I have a
feeling that would not
meet CalNet ID requirements, but I don't know. If someone
can point me to a
source of CalNet ID "specs" that'd be helpful. I
looked at the CalNet
Website, but I'm having trouble getting to the meat, so to
speak.

Thanks,

Bond 

-----Original Message-----
From: owner-micronet-listlists.berkeley.edu
[mailto:owner-micronet-listlists.berkeley.edu] On
Behalf Of Tom Maher
Sent: Thursday, November 16, 2006 2:41 PM
To: Mimi Mugler
Cc: micronet-listlists.berkeley.edu;
calAgenda-techsupportlists.berkeley.edu
Subject: Re: CalAgenda passwords (was Re: [Micronet] E-mail
passwords)

On Thu, 16 Nov 2006, Mimi Mugler wrote:

> Tom:
> The plan for CalAgenda is to have it be able to use the
CalNet ID and 
> password. I think this will be possible when 11g comes
along next year 
> as we will be able to connect directly to the directory
with that 
> version. In the meantime, we should be able to get
CalNet integration 
> working for those on Active Directory and for those
using the web client
without waiting for 11g.
> I'm not working on these projects so I don't know the
exact time 
> frame. These fixes would negate the necessity for
separate CalAgenda
password mechanisms.



------------------------------------------------------------
------------
The following was automatically added to this message by the
list server:

For information about Micronet, including subscribing to
or unsubscribing from its mailing list and finding out
about upcoming meetings, please visit the Micronet Web site:
<http://micronet.be
rkeley.edu/>.

Hello Micronet,

I've got some clarification from our IS folks on how the
system works here.
Basically, "our users get authenticated through Active
Directory on our
domain controllers ... not on the local machine.

When our users successfully log on, they get all their
rights from that
centralized server.  The password requirements are similar,
but perhaps not
as stringent as CalNet's.  On the other hand, we are
required to change ours
every 90 days."

So my question still is, how does this interface with the
CalNet ID
requirements. Obviously I'm not very techically savvy about
all this, so I'm
looking for sources of information.

Thanks,

Bond

-=-=-

-----Original Message-----
From: owner-micronet-listlists.berkeley.edu
[mailto:owner-micronet-listlists.berkeley.edu] On
Behalf Of E. Bond
Francisco
Sent: Thursday, November 16, 2006 4:24 PM
To: 'Tom Maher'; 'Mimi Mugler'
Cc: micronet-listlists.berkeley.edu;
calAgenda-techsupportlists.berkeley.edu
Subject: [Micronet] RE:CalNetID criteria

Hello all,

I'm gonna piggy-back on this thread (CalAgenda/Calnet IDs)
with a new one.
We want to set up an electronic timesheet approval process
that takes place
online. In order to pass campus audit requirements, it's
been suggested that
security for this approval system has to meet CalNet ID
requirements.
Regardless of passwords, my primary concern at the moment is
how the user is
authenticated in our system if we do NOT use CalNet ID. In
other words, the
application in question currently bases it's security access
rights on the
users machine-level login name and password. I have a
feeling that would not
meet CalNet ID requirements, but I don't know. If someone
can point me to a
source of CalNet ID "specs" that'd be helpful. I
looked at the CalNet
Website, but I'm having trouble getting to the meat, so to
speak.

Thanks,

Bond 



------------------------------------------------------------
------------
The following was automatically added to this message by the
list server:

For information about Micronet, including subscribing to
or unsubscribing from its mailing list and finding out
about upcoming meetings, please visit the Micronet Web site:
<http://micronet.be
rkeley.edu/>.