Centrally Managed Impersonation
Abstract
Systems, methods and computer readable media for centrally managed impersonation are described. Examples include a system having a central server and a remote shell daemon running on a remote machine, wherein a trust relationship is established between the central server and the remote shell daemon. Examples also include a method wherein a user sends the management system a request to act upon a remote machine. The management system determines whether the user is authenticated for the requested action. Upon authentication, the management system identifies an impersonation policy based on user profile and the remote machine. The management system connects to the remote machine, impersonates an elevated privilege account if required, and executes the user action on the remote machine.
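The flow in the abstract, sketched as an added example (not code from the patent or any product): the central server authenticates the request and attaches the policy, and the daemon decides which account the action runs as. Assumptions: the trust relationship is a pre-shared HMAC key, "requires elevation" means the action is named in the policy, and all names, tokens and policies are constructed.

```python
import hashlib
import hmac
import json

# Assumption: the page does not say how the trust relationship is built;
# a pre-shared HMAC key stands in for it here.
TRUST_KEY = b"constructed-demo-key"

# Constructed policies: (user, machine) -> {action: account to impersonate}
POLICIES = {
    ("alice", "db01"): {"restart-postgres": "postgres", "read-syslog": "root"},
    ("bob", "db01"): {},
}
SESSIONS = {"alice": "tok-a", "bob": "tok-b"}  # constructed session tokens


def _mac(body: bytes) -> str:
    return hmac.new(TRUST_KEY, body, hashlib.sha256).hexdigest()


def central_server(user, token, machine, action):
    """Authenticate the request, look up the policy, build the signed message."""
    expected = SESSIONS.get(user)
    if expected is None or not hmac.compare_digest(expected, token):
        raise PermissionError("authentication failed")
    policy = POLICIES.get((user, machine))
    if policy is None:
        raise PermissionError("no impersonation policy for user on machine")
    # The action is signed together with the policy so neither can be swapped.
    body = json.dumps({"user": user, "machine": machine, "action": action,
                       "policy": policy}, sort_keys=True).encode()
    return body, _mac(body)


def remote_daemon(machine, body, mac):
    """Verify the sender, then decide which account the action runs as."""
    if not hmac.compare_digest(_mac(body), mac):
        raise PermissionError("message not from trusted central server")
    msg = json.loads(body)
    if msg["machine"] != machine:
        raise PermissionError("policy issued for a different machine")
    # Elevate only for actions the policy names; all others stay unprivileged.
    account = msg["policy"].get(msg["action"], msg["user"])
    return {"run_as": account, "elevated": account != msg["user"]}
```

The sketch returns the account decision instead of executing anything. A deployment would also need freshness (a nonce or timestamp) in the signed message so a captured message cannot be replayed.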
17 Claims
1. A method for managing impersonation by an impersonation management system having a central server and at least one remote shell daemon running on at least one remote machine, wherein the central server and the at least one remote shell daemon have a trust relationship, the method comprising:
receiving, at a central server, a request action from a user to a remote machine;
authenticating, at the central server, the request action;
retrieving, at the central server, an impersonation policy for the user to act on the remote machine;
connecting to the remote machine;
sending the impersonation policy to a remote shell daemon;
impersonating an elevated account based on the impersonation policy;
executing the request action on the remote machine; and
returning a response to the user.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 12, 13, 14
9. A method for managing impersonation by an impersonation management system having a central server and at least one remote shell daemon running on at least one remote machine, wherein the central server and the at least one remote shell daemon have a trust relationship, the method comprising,
accepting, at a remote machine, a connection request from a central server;
receiving, at the remote machine, an impersonation policy;
receiving, at the remote machine, a user action;
determining whether the user action requires an elevated privilege to execute;
identifying the elevated privilege based on the impersonation policy if determined;
impersonating an account with the elevated privilege if identified;
executing the user action; and
sending a response to the central server.
Dependent claims: 10, 11
15. A networked impersonation management system, comprising:
a remote machine having a remote shell daemon running on the remote machine; and
a central server having—
  a processing unit configured to accept a request to act on the remote machine,
  an authentication unit, coupled to the processing unit, configured to manage access to the impersonation management system,
  an impersonation unit, coupled to the processing unit, configured to manage connections to the remote machine to impersonate an elevated privilege account, and
  a storage device, coupled to the processing unit, for storing configuration settings of the authentication unit and the impersonation unit.
Dependent claims: 16, 17