Responses to guest access question
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
- Date: Wed, 8 Oct 2003 10:23:46 -0400
- From: "Scot Capehart" <scot.capehart@xxxxxxxxxx>
- Subject: Responses to guest access question
Thank you to everyone who shared policies and observations regarding guest
access to public workstations in libraries with required network
authentication. I've compiled the responses from this listserv and
summarized just those below. I did post the question to other lists,
however, and the combined responses are very helpful.
The general trend seems to be that when network authentication is required,
most libraries choose to create a local guest account (or a guest account on
a domain administered by the library), which is available on all
workstations. This account is usually restricted in some way, though the
limits vary from fairly modest (an hour time limit) to extraordinarily
strict (OPAC access only).
To me, the most surprising detail to emerge was in how libraries are
managing access to these guest accounts. On this list and others, the
preferred method of management seems to be having librarians log guests in
and/or out of public workstations. This seems awfully cumbersome and
distracting from the real business of librarianship -- but maybe it doesn't
come up as often as I'm anticipating it will at Simmons.
Simmons College Libraries
"Our college is moving toward a security model that requires all users to
login to public workstations for any use. Our libraries, however, have
reciprocal use agreements with area colleges and those students will not
have accounts here.
"If your institution requires network authentication (for example, via LDAP)
for all computer use, how do you handle guest use? Do you assign a temporary
username and password to the guest? Do you have a local guest account on
public workstations? How are matters of security vs. access addressed?"
REQUIRES SUCCESSFUL NETWORK AUTHENTICATION TO USE A COMPUTER
Considering 3 21%
Not required 1 7%
Required 10 71%
AVAILABILITY OF LOCAL GUEST ACCOUNT ON PUBLIC WORKSTATIONS
On all workstations 10 71%
On some workstations 1 7%
No response 3 21%
GUEST ACCOUNT MANAGEMENT STRATEGIES MENTIONED
1 Generates user accounts on-the-fly.
2 Workstations always logged in with guest account.
2 Guest Username/Password posted by or on workstation.
2 Login printed on circulating card or temporary ID.
4 Librarians physically log users on and/or off.
2 Users must sign agreement to abide by access restrictions.
GUEST ACCOUNT LIMITATIONS/PERMISSIONS IN USE
2 Limited to the library catalog.
1 Limited to the Web.
3 No guest printing.
1 May only save files to a special folder if at all.
1 Websites limited to pre-selected resources or approved domain types.
2 Allows limited number of login sessions per semester or time period.
OTHER STRATEGIES USED TO SECURE PUBLIC WORKSTATIONS
. We also have a computer lab in the library that is formally restricted to
students, with an intentionally low-tech enforcement mechanism -- we have a
card tray on top of each computer where the student is supposed to place her
or his ID card while using the computer.
. We also use the login script to execute a custom socket application which
connects to the socket server and populates a custom logging database. This
way we can have data on when a university or non-university user uses a
particular machine, and for how long.
. Linux allows escalated hierarchy for login validation. (First check
Kerberos, then LDAP, then SMB.)
. We have two guest accounts set up...one allows printing to the networked
printers, the other does not.
BENEFITS REALIZED BY FORCED AUTHENTICATION AND GUEST ACCESS
. We do have a problem with community patrons hogging our resources (playing
games on reference workstations), that we have partially resolved via
signage and popup messages from librarians.
. Also, note that some of your licensed resources may be restricted to your
. We found that giving community users access to the internet brought in way
too much traffic--most of which was for general surfing, not research.
Restricting community users to library resources only has worked well--they
have access for research but general internet surfing is not permitted.
NEW PROBLEMS CREATED BY FORCED AUTHENTICATION AND GUEST ACCESS
. The legitimate-guest issue. (How to provide access to authorized guests
without assigned logins.)
. We are also concerned about patron privacy, and don't want to log the
information about who uses what computers.
. As a state school, we also believe that our library has a special
. We do have to train them to logout of their account back to the guest