Computer News No. 126  Mar-Apr 2007

HKU Joins eduroam for WiFi Access in Other Universities

    1. Introduction - What is eduroam?
    2. How to connect in other eduroam institutions?
    3. Security recommendation: remove cached password in your notebook computer

1. Introduction - What is eduroam?                                               

Connecting to the Internet through WiFi (Wireless Fidelity) connection is becoming more and more popular nowadays, as we see that all notebook computers and increasingly-more handheld devices, such as PDAs and smart phones, are now equipped with WiFi wireless networking capability.  To facilitate our students and staff to enjoy wireless access while visiting other universities, Computer Centre has joined the eduroam initiative in April this year. 

eduroam, or Education Roaming, is a WiFi mutual access initiative among member universities around the world.  Our participation in eduroam will enable cross-institutional WiFi access for our staff and students in local and overseas universities that are eduroam members.  On a reciprocal basis, staff and students of other eduroam institutions will be able to gain access to Internet through the WiFi coverage in our University.

Wireless network access via eduroam by our staff and students will be managed and regulated by means of user authentication using their email accounts associated with their HKU Portal UID and PIN based on the IEEE802.1x protocol standard.

Visit http://www.eduroam.hk for more information on eduroam and its member list.

Our users would be able to use eduroam at other eduroam institutions by following the procedure described below.  We are making the final testing of letting eduroam user gaining access on our campus WiFi network.  After ironing out any teething problem, the eduroam service is expected to be running normally by end of May 2007.

2. How to connect in other eduroam institutions?

 
In order to have Wi-Fi access while you are visiting an eduroam member institution, you must do the following installation in your notebook computer:
  1. Install HKUCA Root Certificate (issue date: August 1, 2005) in your notebook computer following the procedure given at http://www.hkuca.hku.hk/repository/index.html
  2. Configure your PC beforehand for connecting to eduroam.  Currently, we can support HKU users using Windows XP and Windows Vista to connect in other eduroam institutions. 
  3. Register to enable eduroam access by login HKU portal => "Services" tab => under 'Computer Centre Services', click "Registration for Enabling eduroam Access"

The above steps need only be done once.  After you finished the above steps, you will be able to access the WiFi network in other member institutions of eduroam.

When you wish to connect to the WiFi network in other eduroam institutions, do the following:

  1. Switch on your notebook computer.

  2. Choose the WiFi network named "eduroam" (i.e. SSID="eduroam") detected by your notebook computer.

  3. Wait for a while and when prompted, input your email address (yourUID@hku.hk) and HKU Portal PIN. 

  4. If the login authentication is successful, you will be able to access the WiFi network.

  5. For Windows XP user, after using the WiFi network, follow the recommendation below in section 3 to remove the cached HKU Portal PIN on the notebook computer.

3. Security recommendation: remove cached password in your notebook computer

In Windows XP, when a user login eduroam successfully, the email address and the HKU Portal UID and PIN will be cached in weakly encrypted format in Windows XP so that the UID/PIN are not required for sequential connection to eduroam.  While it is convenient, however, this can also be a security threat; for example, any transfer of a user’s PC to another person without clearing the cached password would potentially expose his HKU Portal UID/PIN to other people.  For security sake, Computer Centre is providing a program to remove the cached password.  You can download the program file and execute the file to delete the cached password every time after connect to eduroam or whenever necessary. 

In Windows Vista, there is an option to choose NOT to cache the PIN or password in the preparation steps.  This is the recommended setting.

As another security measure, once you have registered to enable eduroam access, you would be requested to change your HKU Portal PIN if you have not change it for six months.