Method and system for authenticating users to multiple computer servers via a single sign-on
Abstract
A method for authenticating an authorized user to multiple computer servers within a distributed computing environment after a single network sign-on is disclosed. In accordance with the method and system of the present invention, an authentication broker is provided within the distributed computing network. The authentication broker first receives an authentication request from a workstation. After a determination that the authentication request is valid, the authentication broker then issues a Kerberos Ticket Granting Ticket to the workstation. At this point, if there is a request by the workstation for accessing a Kerberos Ticket-based server within the distributed computing network, the authentication broker will issue a Kerberos Service Ticket to the workstation. Similarly, if there is a request by the workstation for accessing a passticket-based server within the distributed computing network, the authentication broker will issue a passticket to the workstation. Finally, if there is a request by the workstation for accessing a password-based server within the distributed computing network, the authentication broker will issue a password to the workstation. By this, accesses to all of the above servers within the distributed computing network can be granted via a single network authentication request.
15 Claims
1. A method for authenticating a user with respect to multiple computer servers within a distributed computing network, said method comprising:
providing an authentication broker within said distributed computing network;
receiving an authentication request from a workstation at said authentication broker;
issuing a Kerberos Ticket Granting Ticket to said workstation from said authentication broker after a determination that said authentication request is valid;
issuing a Kerberos Service Ticket to said workstation from said authentication broker in response to an access request from said workstation to a Kerberos Ticket-based server within said distributed computing network;
issuing a passticket to said workstation from said authentication broker in response to an access request from said workstation to a passticket-based server within said distributed computing network;
issuing a password to said workstation from said authentication broker in response to an access request from said workstation to a password-based server within said distributed computing network, such that accesses to all said servers are granted via a single network authentication request.
6. A computer program product stored on a computer readable medium for authenticating a user with respect to multiple computer servers within a distributed computing network, said computer product comprising:
program code means for receiving an authentication request from a workstation at said authentication broker;
program code means for issuing a Kerberos Ticket Granting Ticket to said workstation from said authentication broker after a determination that said authentication request is valid;
program code means for issuing a Kerberos Service Ticket to said workstation from said authentication broker in response to an access request from said workstation to a Kerberos Ticket-based server within said distributed computing network;
program code means for issuing a passticket to said workstation from said authentication broker in response to an access request from said workstation to a passticket-based server within said distributed computing network;
program code means for issuing a password to said workstation from said authentication broker in response to an access request from said workstation to a password-based server within said distributed computing network, such that accesses to all said servers are granted via a single network authentication request.
11. An authentication broker for authenticating a user to multiple computer servers within a distributed computing network, said authentication broker comprising:
means for receiving an authentication request from a workstation;
means for issuing a Kerberos Ticket Granting Ticket to said workstation after a determination that said authentication request is valid;
means for issuing a Kerberos Service Ticket to said workstation in response to an access request from said workstation to a Kerberos Ticket-based server within said distributed computing network;
means for issuing a passticket to said workstation in response to an access request from said workstation to a passticket-based server within said distributed computing network;
means for issuing a password to said workstation in response to an access request from said workstation to a password-based server within said distributed computing network, such that accesses to all said servers are granted via a single network authentication request.
Specification