Information Technology at JPL

Directory and Authentication Service

About the JPL Domain

The JPL Domain is an institutionally available Windows 2000 Active Directory architecture.

The JPL Windows Infrastructure system provides a central repository for JPL Windows user authentication accounts. This repository contains user names, passwords, group and user memberships, user login scripts, user profiles, and domain trusts.

The Windows Infrastructure is a Windows 2000 Active Directory (W2K/AD). Active Directory is a directory service used in Windows 2000 and is the foundation of Windows 2000 distributed networks. Active Directory uses a single labwide Windows 2000 domain (named to provide user authentication for Windows-based customers.

The JPL Windows Infrastructure system supports Windows authentication for non-Active Directory aware clients, such as Windows 9x and NT 4.0, and Mac OS 9 and X, as well as Active Directory aware clients such as Windows 2000 Professional and XP.

  • Memberships
    1. Users have accounts in the JPL Domain (global users)
    2. Machines are members of the JPL Domain, unless a resource domain administrator wants user machine accounts in his/her resource domain.
  • Trusts
    1. One-way trusts
    2. JPL Domain is TRUSTED
    3. OUs are TRUSTING
  • Groups
    1. Local groups created in OUs
    2. Global users made members of these local groups
    3. Permissions given to local groups

An Example

  • User BJones is about to log into the JPL Domain. His domain username is bjones.
  • He sits at a machine that is a member of an OU.
  • He logs in (authenticates) through the JPL Domain.
  • His username is a member of a local group in the OU, and that group has been given access to certain directories. He can now access those directories.