
Implementation Of The Unified Identity Authentication On Campus Network Based On LDAP

Posted on: 2010-12-23
Degree: Master
Type: Thesis
Country: China
Candidate: J F Huang
Full Text: PDF
GTID: 2178360278951130
Subject: Control Engineering
Abstract/Summary:
With the rapid development of the Internet, the growing number of network applications makes network administration more complex and less secure. The risk of deploying applications on the Internet is widely recognized. As a solution for assembling, categorizing and integrating information and for Internet access, the Campus Network Portal provides its users, such as students and faculty, with a unified platform for accessing its internal information. On this platform, unified identity authentication and administration across the application systems can be realized by setting up a unified identity authentication system and a Single Sign On system. This is an important link in the construction of the information security system of the Campus Network.

The unified user identity authentication platform researches and develops an identity authentication system for the enterprise and provides an integrated, unified user identity authentication system. The unified identity authentication system based on directory service introduces the LDAP protocol and uses the distributed nature of the directory service to organize users' information and network resources in a logical tree that is distributed over all application systems. That simplifies communication between the authentication center and the application systems and makes the system less difficult to implement. Compared with a distributed network system centered on a database, this approach is extensible, and its management is centralized, flexible and simpler to achieve.

This system is based on the three-party Kerberos authentication protocol. A method integrating the Kerberos authentication mechanism with the LDAP protocol is proposed. The paper mainly completes the design of the authentication server and realizes unified user authentication and authorization through the AS and TGS. Adopting the concept of the "Ticket", the system achieves a one-time grant mechanism that makes it easy for users and administrators. The system supports mutual authentication and greatly improves the level of security. At the same time, by adopting single sign-on it needs only one-time identity authentication, after which the user acquires all authorized services through transparent logon. The system centralizes scattered users through Single Sign On technology, automates user logon to the application services, and decreases users' waiting time.
Keywords/Search Tags:identity authentication, directory service, Single Sign On, LDAP, Kerberos