Speaker
Mr
Dirk Jahnke-Zumbusch
(DESY)
Description
DESY operates some thousand computers, based on different operating systems. On
Servers and workstations not only the operating systems but many centrally supported
software systems are used. Most of these systems, operating and software systems come
with their own user and account management tools. Typically they do not know of each
other, which makes live harder for users, when you have to remember your different
passwords for different systems, and which is against the efforts for effective user
administration and support. The DESY-Registry is a 3-tier, web-based application,
which centralizes the user and account management for about 30 centrally supported
systems. Accounts and access to resources like operating systems (UNIX, Windows) and
prominent software systems (Oracle, RAS/VPN) as well as “virtual” systems, like
computing clusters, are managed. To enable de-centralized administration in a central
system, the DESY-Registry offers a role-based delegation mechanism, where
administrators are able to manage accounts of “their” users and the central support
group is able to manage every account. A workflow mechanism facilitates delegation
and automation takes care of account expiry an enforcement of regular password
policies. Since January 2005 the DESY-Registry is productive. We present details of
the project objectives and the solution as well as the experiences of one year of
operation.
Primary author
Mr
Dirk Jahnke-Zumbusch
(DESY)