校園網路服務單一登入之研究與實作

Abstract

隨者資訊設備的普及與網際網路的高度發展，不論是政府、企業、教育單位…等，皆以實現E化為目標。在校園中為因應不同的需求而開發了許多分散且不同的系統，對使用者而言，卻常需要針對不同的系統重覆登入帳號密碼各自認證，造成使用者的困擾與不便。此外，使用者要去記得每個帳號與密碼並不是一件容易的事，更何況系統管理員要去管理眾多主機上的帳號也是一件棘手的事。本研究主要提出一套解決使用者認證與確保驗證資料安全的解決方案，我們使用輕量級目錄服務(LDAP)實作單一登入(Single Sign-On;SSO)的概念，讓使用者 只要通過一次身份驗證，就可以在不同的網站間進行資料存取，而不必一再重覆身份驗證的動作，讓使用者可以方便與安全的使用各項網路服務，對於網管人員來說更可以有效的提昇管理效率。

With the popularity of IT equipment and the high penetration of the Internet,organizations including governments, business associations, and educational institutions,all are seeking for E-tailor solutions to provide their services. Based on the different needs of the campus, many dispersed and diverse systems were developed. However, it causes the users distress and inconvenience because different systems require user authentication with username and password. Besides, it is not easy for people to remember each username and password when there are so many different systems.Furthermore, it is a difficult task for the system administrator to manage user accounts on so many systems.In this study, we proposed a secured solution to ensure the safety of user authentication and verification data security. We adopt an LDAP(Lightweight Directory Access Protocol) server to implement the Single Sign-ON (SSO) facility. This feature allows the users to access different websites through a one-time authentication. It also lets the administrators can effectively do their network management tasks in more efficient way.