NIS+ password update protocol
Abstract
The present invention provides methods and apparatus for updating passwords in a name service system. A server includes a name service database that further includes a plurality of tables with information, including passwords and communications information, concerning users. To enforce name service system security, users are denied direct access to their passwords and password aging information. These may be updated only through a process running on the NIS+ server. The password process has write access to the password and aging information in the database and is invoked when users change their passwords. To update a password, the user's computer, the client computer, contacts the password update process and sends an encrypted version of the current password. The password update process decrypts the encrypted password and verifies that the user is authentic and the aging criteria are met. The user then enters a new password which is encrypted and provided to the password update process, which enters the new password in the password table.
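The exchange described in the abstract, sketched as an added example (not code from the patent or from NIS+). All names are hypothetical, and several details are assumptions the page does not specify: a session key already shared by client and server, an HMAC-SHA256 keystream as a stand-in cipher, a minimum-age rule as the aging criterion, and a salted PBKDF2 hash as the stored form of the password.

```python
import hashlib, hmac, os

DAY = 86400

def xor_stream(key, nonce, data):
    # Stand-in cipher (assumption): HMAC-SHA256 keystream XOR, no integrity tag.
    out = bytearray()
    for i in range(0, len(data), 32):
        pad = hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], pad))
    return bytes(out)

class PasswordUpdateProcess:
    """Server side: the only code with write access to the password table."""
    def __init__(self, min_age_days):
        self.table = {}                    # user -> (salt, hash, last_change)
        self.min_age = min_age_days * DAY  # assumed aging rule: minimum age
        self.approved = set()              # users cleared to send a new password

    def _store(self, user, password, now):
        salt = os.urandom(16)
        digest = hashlib.pbkdf2_hmac("sha256", password, salt, 100_000)
        self.table[user] = (salt, digest, now)

    def request(self, user, key, nonce, enc_current, now):
        row = self.table.get(user)
        if row is None:
            return "denied"
        salt, digest, changed = row
        current = xor_stream(key, nonce, enc_current)
        guess = hashlib.pbkdf2_hmac("sha256", current, salt, 100_000)
        if not hmac.compare_digest(guess, digest):
            return "denied"                # sender is not authentic
        if now - changed < self.min_age:
            return "aging"                 # aging criteria not met
        self.approved.add(user)
        return "ok"

    def update(self, user, key, nonce, enc_new, now):
        if user not in self.approved:      # no new password without prior checks
            return False
        self.approved.discard(user)
        self._store(user, xor_stream(key, nonce, enc_new), now)
        return True

def change_password(server, user, key, current, new, now):
    """Client side: the new password is only sent after the server says ok."""
    n1, n2 = os.urandom(12), os.urandom(12)   # fresh nonce per message
    status = server.request(user, key, n1, xor_stream(key, n1, current), now)
    if status != "ok":
        return status
    server.update(user, key, n2, xor_stream(key, n2, new), now)
    return "updated"
```

The client never touches the table; a wrong current password or an unmet aging rule ends the exchange before the user is prompted for a new password.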
24 Claims
1. A method for updating a password in a name service system, said name service system comprising a database stored on a server, said database comprising a password table containing a password for each user name in a plurality of user names, said method comprising the steps of:
- sending by a sender a user name in said plurality of user names to a password update process running on said server, said sender being under the control of a user;
- determining whether said sender has authority to update said user name's password;
- determining by said password update process whether password aging criteria for said user name are met;
- if said sender has authority to update said user name's password and said password aging criteria are met, performing the steps of;
  - prompting said user for a new password;
  - encrypting said new password;
  - sending said encrypted new password to said password update process;
  - decrypting said encrypted new password; and
  - storing said new password in said password table.

Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10
11. A network including a client and a server for updating passwords in a name service system, said name service system comprising a database stored on a server, said database comprising a password table containing a password for each user name in a plurality of user names, said network comprising:
- a transmission device included in said client that sends a user name in said plurality of user names to a password update process running on said server, said client being under the control of a user;
- a computing device included in said server that determines whether said client has authority to update said user name's password;
- a computing device included in said server that determines whether password aging criteria for said user name are met;
- a prompting device included in said client that prompts said user for a new password if said sender has authority to update said user name's password and said aging criteria are met;
- an encrypting device included in said client that encrypts said new password;
- wherein said transmission device sends said encrypted new password to said password update process;
- a decrypting device included in said server that decrypts said encrypted new password; and
- a storage device included in said server that stores said new password in a password table.

Dependent claims: 12, 13, 14, 15, 16, 17, 18, 19
20. A computer program product comprising:
a computer usable medium having computer readable code embodied therein for updating a password in a name service system comprising a database stored on a server, said database comprising a password table containing a password for each user name in a plurality of user names, said computer readable code comprising;
- a first computer readable program code device that sends from a client a user name in said plurality of user names to a password update process running on said server, said client being under the control of a user;
- a second computer readable program code device that determines whether said client has authority to update said user name's password;
- a third computer readable program code device that determines by said password update process whether password aging criteria for said user name are met;
- a fourth computer readable program code device that prompts said user for a new password if said client has authority to update said user name's password and said aging criteria are met;
- a fifth computer readable program code device that encrypts said new password;
- a sixth computer readable program code device that sends said encrypted new password to said password update process; and
- a seventh computer readable program code device that decrypts said encrypted new password and store said new password in said password table.

Dependent claims: 21, 22
23. A method for updating a password in a name service system, said name service system comprising a database stored on a server, said database comprising a password table containing a password for each user name in a plurality of user names, said method comprising the steps of:
- receiving a user name in said plurality of user names and information identifying a sender;
- determining whether said sender has authority to update said user name's password;
- determining whether password aging criteria for said user name are met;
- if said sender has authority to update said user name's password and said password aging criteria are met, performing the steps of;
  - sending said sender a success message;
  - receiving an encrypted new password from said sender;
  - decrypting said encrypted new password; and
  - storing said new password in said password table.
24. A method for updating a password in a name service system, said name service system comprising a database stored on a server, said database comprising a password table containing a password for each user name in a plurality of user names, said method comprising the steps of:
- sending by a sender a user name in said plurality of user names to a password update process running on said server, said sender being under the control of a user;
- receiving by said sender from said password update process running on said server an indication of whether said sender has authority to update said user name's password and whether password aging criteria are met for said user name;
- if said sender has authority to update said user name's password and said password aging criteria are met, performing by said sender the steps of;
  - prompting said user for a new password;
  - encrypting said new password; and
  - sending said encrypted new password to said password update process.
Specification