Auditing login activity in a distributed computing environment
First Claim
1. A method of auditing login activity in a distributed computing environment in which users attempt to log into the environment from workstations using an authentication protocol in which a ticket request and pre-authentication data are communicated from the workstation to an authentication server, the pre-authentication data including information establishing an identity of the user and providing a proof that the user has entered a password during the login attempt, comprising the steps of:
- during a login routine, determining whether a ticket has been returned from the server in response to the ticket request; and
- if a ticket has been returned from the server, suspending the login routine and using information derived from the pre-authentication data to initiate a login audit.
Abstract
A method of auditing login activity in a distributed computing environment in which users attempt to log into the environment from workstations using an authentication protocol in which a ticket request and pre-authentication data are communicated from the workstation to an authentication server. The pre-authentication data includes information establishing an identity of the user and providing a proof that the user has entered a password during the login attempt. The method is effected as a background process during the login, and is initiated after the ticket has been returned to the workstation from the authentication server to avoid RPC deadlock. To audit the login, information from the pre-authentication data is used to obtain a simple name of the user. The simple name is then converted into a global format and evaluated. If the name is recognized, it is passed along with the workstation address to an audit API. If the name is invalid, the audit is suspended. After the information is recorded or the audit suspended, as the case may be, process control is returned to the login routine. Preferably, the routine is implemented within the security service of the distributed computing environment.
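As an added illustration (not code from the patent or its assignee), the following Python sketches the audit flow the abstract describes: the audit runs only once a ticket has come back, derives the user's simple name from the pre-authentication data, converts it to a global name, records it with the workstation address through an audit API or suspends the audit if the name is not recognized, and hands control back to the login routine either way. The global-name format, the audit API and the sample names are assumptions.

```python
from dataclasses import dataclass
from typing import Callable, Optional


@dataclass
class PreAuthData:
    user: str              # simple name of the user asserted in the ticket request
    cell: str              # cell the workstation belongs to (assumed field)
    password_proof: bytes  # proof the user typed a password (not examined here)


@dataclass
class AuditRecord:
    global_name: str
    workstation: str


@dataclass
class LoginAuditor:
    known_users: set                            # global names the security service recognizes
    audit_api: Callable[[AuditRecord], None]    # assumed audit API, takes one record

    def to_global_name(self, preauth: PreAuthData) -> str:
        # Assumed DCE-style global format: /.../<cell>/<simple name>
        return f"/.../{preauth.cell}/{preauth.user}"

    def audit(self, ticket: Optional[bytes], preauth: PreAuthData, workstation: str) -> str:
        """Return the audit outcome; control returns to the caller in every case."""
        if ticket is None:
            return "deferred"      # ticket not yet returned: auditing now would block on RPC
        name = self.to_global_name(preauth)
        if name not in self.known_users:
            return "suspended"     # name is invalid: nothing is recorded
        self.audit_api(AuditRecord(name, workstation))
        return "recorded"


def login(auditor: LoginAuditor, kdc: Callable[[PreAuthData], Optional[bytes]],
          preauth: PreAuthData, workstation: str) -> dict:
    """Simplified login routine: send the ticket request with pre-auth data,
    then suspend to run the audit, then resume regardless of its outcome."""
    ticket = kdc(preauth)                                   # server returns ticket or None
    outcome = auditor.audit(ticket, preauth, workstation)   # login routine suspended here
    return {"authenticated": ticket is not None, "audit": outcome}   # control resumes
```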
20 Claims
1. A method of auditing login activity in a distributed computing environment in which users attempt to log into the environment from workstations using an authentication protocol in which a ticket request and pre-authentication data are communicated from the workstation to an authentication server, the pre-authentication data including information establishing an identity of the user and providing a proof that the user has entered a password during the login attempt, comprising the steps of:
- during a login routine, determining whether a ticket has been returned from the server in response to the ticket request; and
- if a ticket has been returned from the server, suspending the login routine and using information derived from the pre-authentication data to initiate a login audit.
Dependent claims: 2, 3, 4, 5, 6, 7, 8.
9. A method of auditing login activity in a distributed computing environment in which users attempt to log into the environment from workstations using an authentication protocol in which a ticket request and pre-authentication data are communicated from the workstation to an authentication server, the pre-authentication data including information establishing an identity of the user and providing a proof that the user has entered a password during the login attempt, comprising the steps of:
- during a login routine, determining whether a ticket has been returned from the server in response to the ticket request;
- if a ticket has been returned from the server, suspending the login routine and using information derived from the pre-authentication data to initiate a login audit protocol; and
- returning process control back to the login routine after processing the login audit protocol.
Dependent claims: 10, 11, 12, 13.
14. A computer connected in a distributed computing environment having an authentication server, the computer comprising:
- a processor;
- an operating system; and
- program control means run by the operating system, comprising: means operative during a login routine for determining whether predetermined information has been returned from the authentication server in response to an authentication request; means responsive to the determining means for suspending the login routine and initiating a login audit protocol; means for processing the login audit protocol; and means for returning process control back to the login routine after processing the login audit protocol.
Dependent claims: 15, 16, 17.
18. An article of manufacture for use in a computer, comprising:
- a computer-readable storage medium having a substrate; and
- computer program data encoded in the substrate of the computer-readable storage medium, wherein the storage medium so configured enables a user of the computer to connect the computer into a distributed computing environment having an authentication server, the computer program data comprising: means operative during a login routine for determining whether predetermined information has been returned from the server in response to an authentication request; means responsive to the determining means for suspending the login routine and initiating a login audit protocol; means for processing the login audit protocol; and means for returning process control back to the login routine after processing the login audit protocol.
Dependent claims: 19, 20.