System and method of user logon in combination with user authentication for network access
Abstract
A system and method of combined user logon-authentication provides enhanced logon performance by utilizing communications with a network access control server for user authentication to provide user account data required for user logon. When a user logs on a computer, the computer initiates a network access control process with a network access control server for obtaining access to network services, including the computer that the user is logging on. During the access control process, the network access control server authenticates the user and queries a directory service for the account data for the user. The network access control server includes the user account data in one of the communication packets sent to the computer in the network access control process. The computer retrieves the user account data from the communication packet and uses the data to complete the user logon.
12 Claims
1. A computer-readable medium having computer-executable instructions for performing steps by a network access control server, comprising:
receiving a first network access request from a computer for a user logging onto the computer;
authenticating the user;
querying an account service for account data for the user required for logging onto the computer;
receiving account data for the user from the account service; and
inserting the account data for the user in a network access control response; and
sending the network access control response to the computer.
receiving a second network access request from the computer for an access control document for accessing the computer as a network service;
inserting the account data for the user in an access control document for accessing the computer;
sending the access control document for accessing the computer to the computer.
4. A computer-readable medium as in claim 3, wherein the access control document for communicating with the network access control server is a ticket-granting ticket.
5. A computer-readable medium as in claim 4, wherein the access control document for accessing the computer is a service ticket.
6. A computer-readable medium as in claim 5, wherein the step of inserting the account data for the user in the service ticket places the account data in an authorization data field in the service ticket.
7. A computer-readable medium as in claim 6, wherein the account server is a network directory server.
8. A computer-readable medium as in claim 1, wherein the first network access request identifies the account data required by the computer for the user logging onto the computer, and the step of querying queries the account service for the account data identified in the first network access request.
9. A computer-readable medium having computer-executable instructions for performing steps by a network access control server, comprising:
receiving a ticket-granting ticket request from a computer for a user logging onto the computer;
authenticating the user;
querying an account service for account data for the user required for logging onto the computer;
receiving account data for the user from the account service; and
inserting the account data for the user in a ticket-granting ticket for the user; and
sending the ticket-granting ticket for the user to the computer.
receiving a service ticket request from the computer, the service ticket request including the ticket-granting ticket for the user;
transferring the account data for the user from the ticket-granting ticket into a service ticket for accessing the computer;
sending the service ticket containing the account data for the user to the computer.
12. A computer-readable medium as in claim 9, wherein the network access control center is a Kerberos Key Distribution Center (KDC).