I did a critical evaluation into Single Sign-on within a FOSS network, which involved research into current authentication infrastructures (such as M$ AD and Novell Netware etc.) and their backend components, and creating a virtualised test enterprise where I configured a Linux network to be as 'SSO' friendly as possible using nothing but open source components (and then the whole report writing of the setup/good bits/bad bits/future views etc.).
Ended up with Kerberos authentication, with Kerberos backend data stored in a multi-master LDAP replicated DB (plus DNS backended to the same multi-master LDAP architecture).
This was then used to authenticate to a second multi-master LDAP DB (for security) in which user profile details for logons and permissions were held.
In the end the User could SSO:
* Onto the WiFi
* Logon to a desktop machine
* kinit themselves onto the network if they were using their own Linux laptop
Once on the desktop/Laptop, they:
* Received their user logon profile from the public LDAP along with shares, shell type etc.
* Received encrypted, authenticated NFS4 shares for /home/%user%
* Could log onto IMAP via SSO
* Could log into the company intranet via SSO (Firefox configuration does need to occur for this)
* Pull company contact addresses out of the LDAP DB for the email client address book
Only issue I had was with 802.1x SSO authentication. I used OpenRadius and ended up using EAP-TTLS to create a secure tunnel in which to authenticate normally. The problem here is this does NOT create you a Kerberos TGT or pass any Kerberos info back to your client, so while you are logging on with the same username and password (you only have one un/pw system wide) you still need to kinit once your laptop is authed onto the wireless network. (Basically two logon steps for this WiFi configuration.)
However, this should be resolved with the introduction of EAP-KerberosII:
http://ieeexplore.ieee.org/xpl/freeabs_all.jsp?arnumber=4740231.
Hope this helps, may not be your cup of tea at all, but kept me far too busy for far too long :P ... Never writing that much again!
//TrX
EDIT: This stuff seems to be getting better all the time in terms of the integration required for a project of this size; doubt you would run into any MIT Kerberos bugs with the very young LDAP backend anymore when using any of the RC4 enc types, but may be wrong :P
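The "two logon steps" gap the post describes (EAP-TTLS gets the laptop onto the wireless network, but leaves the user without a Kerberos TGT) is the kind of thing a post-connect hook can check for. The script below is an added example, not the poster's code: it parses `klist` output to see whether a TGT for the expected realm is present, and `ensure_tgt` obtains one with `kinit` when the live credential cache is empty or expired. The realm `EXAMPLE.COM`, the cache path, the NetworkManager dispatcher argument convention (`$1` = interface, `$2` = action) and the sample `klist` output are all assumptions or constructed test data.

```shell
#!/bin/sh
# Added example (not from the original post): close the "wifi is up but no
# TGT yet" gap by checking the Kerberos credential cache after 802.1X/EAP-TTLS
# has brought the link up, and running kinit only when a TGT is missing.

REALM="${REALM:-EXAMPLE.COM}"                  # assumed realm
CCACHE="${KRB5CCNAME:-/tmp/krb5cc_$(id -u)}"   # MIT default cache location

# Parse `klist` text output read from stdin and print the realm of the first
# krbtgt entry (service principal looks like krbtgt/REALM@REALM). Prints
# nothing when no TGT is listed.
tgt_realm_from_klist() {
    awk '/krbtgt\// { split($NF, a, "@"); print a[2]; exit }'
}

# Return 0 if the klist output passed as $1 lists a TGT for $REALM.
# Takes the output as an argument so the logic can be tested without a KDC.
has_tgt_for_realm() {
    realm=$(printf '%s\n' "$1" | tgt_realm_from_klist)
    [ "$realm" = "$REALM" ]
}

# Live check: `klist -s` exits 0 only when the cache holds a non-expired TGT.
# If it does not, obtain one; this is where EAP-TTLS leaves the user short.
ensure_tgt() {
    if KRB5CCNAME="$CCACHE" klist -s 2>/dev/null; then
        return 0
    fi
    # Interactive prompt for the single site-wide password; a host with a
    # keytab would use `kinit -k -t /path/to/keytab principal` instead.
    KRB5CCNAME="$CCACHE" kinit "$(id -un)@$REALM"
}

# Constructed sample of what `klist` prints once a TGT exists (not real output).
SAMPLE_KLIST_WITH_TGT='Ticket cache: FILE:/tmp/krb5cc_1000
Default principal: alice@EXAMPLE.COM

Valid starting       Expires              Service principal
01/01/2024 09:00:00  01/01/2024 19:00:00  krbtgt/EXAMPLE.COM@EXAMPLE.COM'

# Constructed sample of a cache with no tickets at all.
SAMPLE_KLIST_EMPTY='Ticket cache: FILE:/tmp/krb5cc_1000
Default principal: alice@EXAMPLE.COM'

# When installed as a NetworkManager dispatcher script the arguments are
# <interface> <action>; only act when an interface comes up.
case "${2:-}" in
    up) ensure_tgt ;;
esac
```

Dropped into `/etc/NetworkManager/dispatcher.d/` (or called from any post-connect hook), `ensure_tgt` runs only after the link is up, so the wireless join and the Kerberos logon still happen with one password but without the user having to remember the second step.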