Authentication and access control in a management console program for managing services in a computer network
First Claim
1. A method of securing access to the administration of a plurality of distinct services residing on one or more service host computers from an administration server computer connected to the one or more service host computers, there being a service manager residing on the administration server computer, the method comprising:
- providing a selected user identifier and a corresponding private keyword, the user identifier being arranged to identify a user having administrative access to at least one of the distinct services;
- authenticating the user by comparing the selected user identifier and the corresponding private keyword against a plurality of user identifiers and private keywords stored in a persistent storage area, the comparing performed under control of the service manager;
- deriving a list of services to which the user associated with the user identifier has administrative access;
- when a request is made to administer a selected one of the services in the derived list of services, verifying at the service host computer associated with the selected service that the user associated with the selected user identifier is permitted to access the selected service by examining access control data associated with the selected user identifier in the persistent storage area; and
- transferring one or more management files on the service host computer to the administration server thereby facilitating manipulation of the management files utilizing the service manager.
Abstract
A method and apparatus of securing access to a service manager for the administration of services residing on multiple service host computers from an administration server computer is described. A user identifier, such as a user name, and a corresponding password are provided to the service manager. The user identifier is associated with a system administrator having administrative access to the services. The service manager authenticates the user by comparing the user identifier and password against a list of user identifiers and corresponding passwords stored in a persistent memory. A list of services to which the system administrator has administrative access is derived from the data in persistent memory. When the system administrator makes a request to administer one or more services from the list of services, the administrator's access control is verified at the service host computers on which the requested services reside by examining access control data in the persistent memory. Management files are transferred from the service host computers to the administration server computer thereby facilitating manipulation of the management files utilizing the service manager.
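A minimal model of the two-stage check the abstract describes, added here as an illustration and not taken from the patent: the service manager authenticates the user and derives the service list, and each service host consults the access control data again before releasing a management file. The class names, the sample users and services, and the salted PBKDF2 keyword storage are assumptions.

```python
import hashlib, hmac, os
def _kdf(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

class ProfileStore:
    """Persistent storage area: credentials and per-user service list.
    Salted PBKDF2 hashing is an assumption; the page does not say how keywords are stored."""
    def __init__(self):
        self._users = {}
    def add_user(self, user_id, password, services):
        salt = os.urandom(16)
        self._users[user_id] = (salt, _kdf(password, salt), frozenset(services))
    def check_password(self, user_id, password):
        # Unknown users still cost one KDF run and fail the constant-time compare.
        salt, digest, _ = self._users.get(user_id, (b"\0" * 16, b"", frozenset()))
        return hmac.compare_digest(_kdf(password, salt), digest)
    def services_for(self, user_id):
        return self._users.get(user_id, (None, None, frozenset()))[2]

class ServiceHost:
    def __init__(self, store, files):
        self.store, self.files = store, files  # files: service name -> management file text
    def fetch_management_file(self, user_id, service):
        # Second check, made at the host: do not trust the list the manager derived.
        if service not in self.files or service not in self.store.services_for(user_id):
            raise PermissionError(f"{user_id} may not administer {service}")
        return self.files[service]

class ServiceManager:
    def __init__(self, store, hosts):
        self.store, self.hosts = store, hosts  # hosts: service name -> ServiceHost
    def login(self, user_id, password):  # derived service list, or None on failure
        if not self.store.check_password(user_id, password):
            return None
        return sorted(self.store.services_for(user_id))
    def administer(self, user_id, service):
        host = self.hosts.get(service)
        if host is None:
            raise PermissionError(f"unknown service {service}")
        return host.fetch_management_file(user_id, service)

def build_demo():
    """Constructed sample data: two users, two hosts, three services."""
    store = ProfileStore()
    store.add_user("alice", "correct horse", ["web", "mail"])
    store.add_user("bob", "battery staple", ["mail"])
    h1 = ServiceHost(store, {"web": "port=8080\n", "ftp": "anon=off\n"})
    h2 = ServiceHost(store, {"mail": "relay=off\n"})
    return ServiceManager(store, {"web": h1, "ftp": h1, "mail": h2}), h1
```

Calling the host directly for a service outside the user's list raises `PermissionError`, which is the property the host-side verification step exists to provide.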
15 Claims
13. A system for securing administration of services residing on one or more service host computers from an administration server computer, the administration server computer connected to an administration client having a browser-type program and to the one or more service host computers using an Internet protocol, the system comprising:
- a user profile data repository for storing data relating to user privileges, the data including, for each user, a user access level, a list of services, and a password;
- a service manager subcomponent of a communication interface residing on the administration server computer for accepting a user identifier and a corresponding keyword and passing the user identifier and the corresponding keyword to the user profile data repository;
- a component configuration directory suitable for residing on the one or more service hosts containing component configuration files for storing management modules associated with the plurality of services, the management modules containing management data utilized in administering the plurality of services;
- a service host subcomponent of the communication interface residing on the administration server computer for accepting the user identifier and the corresponding keyword and passing the user identifier and the corresponding keyword to the plurality of service host computers for verification by examining data relating to user privileges stored in the user profile data repository.
14. A system for securing access to the administration of a plurality of distinct services residing on one or more service host computers from an administration server computer connected to the one or more service host computers and to an administration client computer, there being a service manager residing on the administration server computer, the system comprising:
- a communication connection between the administration client computer and the administration server computer that can be used for providing a selected user identifier and a corresponding private keyword to the service manager, the user identifier being arranged to identify a user having administrative access to at least one of the services;
- an authenticator configured for authenticating the user by comparing the selected user identifier and the corresponding private keyword against a plurality of user identifiers and private keywords stored in a persistent storage area, the comparing performed under control of the service manager;
- an access control mechanism for deriving a list of services to which the user associated with the user identifier has administrative access;
- a service host verifier for verifying that the user associated with the selected user identifier is permitted to access a selected one of the services in the derived list of services, the verifier residing at the service host computer associated with the selected service and utilizing access control data associated with the selected user identifier in the persistent storage area; and
- a data transfer component for transferring one or more management files on the service host computer to the administration server computer thereby facilitating manipulation of the management files utilizing the service manager.
15. A computer readable medium configured to store computer programming instructions for securing access to the administration of a plurality of distinct services residing on one or more service host computers from an administration server computer connected to the one or more service host computers, there being a service manager residing on the administration server computer, the computer readable medium comprising:
- computer programming instructions for providing a selected user identifier and a corresponding private keyword, the user identifier being arranged to identify a user having administrative access to at least one of the distinct services;
- computer programming instructions for authenticating the user by comparing the selected user identifier and the corresponding private keyword against a plurality of user identifiers and private keywords stored in a persistent storage area, the comparing performed under control of the service manager;
- computer programming instructions for deriving a list of services to which the user associated with the user identifier has administrative access;
- when a request is made to administer a selected one of the services in the derived list of services, computer programming instructions for verifying at the service host computer associated with the selected service that the user associated with the selected user identifier is permitted to access the selected service by examining access control data associated with the selected user identifier in the persistent storage area; and
- computer programming instructions for transferring one or more management files on the service host computer to the administration server thereby facilitating manipulation of the management files utilizing the service manager.
Specification