Penn State has adopted Kerberos, a network authentication protocol developed by MIT, for authentication and LDAP for authorization. Kerberos uses strong cryptography to make it possible for a client to prove its identity to a server (and vice versa) across an insecure network connection. The Penn State Kerberos server has entries for all Penn State students, faculty, and staff. Likewise, the LDAP server that supports Penn State Directory Services contains entries for all Penn State students, faculty, and staff.
Penn State WebAccess is the Single Sign-On (SSO) solution for Web-based services that require authentication with a Penn State Access Account user ID and password. The WebAccess system, which uses the University of Michigan’s Cosign technology, provides an environment in which users log in once to a central server with their Access Account user IDs and passwords and can then access multiple services protected with WebAccess without needing to re-authenticate.
In addition to a user ID and password, all faculty and staff are required to verify their identities using Penn State’s Two-Factor Authentication (2FA) service.
The use of a Virtual Private Network (VPN) is required to access certain resources and services from a third-party network. All traffic exchanged via the VPN is encrypted. The use of the VPN ensures that only authorized users access the network and that data is secure. Likewise, a VPN is required to authenticate to the Penn State Wireless service.
Penn State has also adopted Shibboleth, an Internet2 middleware initiative designed to provide federated access management between Web-based resources. Shibboleth emphasizes security, scalability, and privacy as an infrastructure for inter-domain authentication and authorization.
An Access Account may be provisioned with one or more of the following services:
- Personal Web space
- Directory entry
All Access Account holders must abide by Policy AD20 Computer and Network Security. Violation of the policy or law may result in suspension of network access or other information service privileges, disciplinary action, and legal proceedings.