Method and system for requesting and granting membership in a server farm
First Claim
1. A method for requesting membership in a server farm, the method comprising:
receiving, by a requesting server belonging to a first security domain, a name of a server farm comprising at least two servers, a passphrase, and a name of one of the at least two servers in the server farm;
transmitting, by the requesting server, to the one of the at least two servers in the server farm a request for membership in the server farm and a first nonce, wherein the one of the at least two servers in the server farm belongs to a second security domain;
receiving by the requesting server, an acknowledgement of the request and a second nonce;
generating, by the requesting server responsive to the acknowledgement of the request for membership in the server farm, a hash of the server farm name, the passphrase, the name of the requesting server, the name of the one of the at least two servers in the server farm, the first nonce, and the second nonce;
generating, by the requesting server, a Kerberos service ticket and a Kerberos authenticator;
encrypting, by the requesting server, a portion of the Kerberos service ticket using the generated hash;
transmitting, by the requesting server, the Kerberos service ticket and the Kerberos authenticator to the one of the at least two servers in the server farm;
authenticating, by the one of the at least two servers in the server farm, the requesting server responsive to receiving the Kerberos service ticket and the Kerberos authenticator;
transmitting, by the one of the at least two servers in the server farm, a Kerberos authentication reply;
transmitting, by the one of the at least two servers in the server farm, a secret to the requesting server using a session key contained in the Kerberos service ticket; and
granting, by the one of the at least two servers in the server farm, membership in the server farm to the requesting server.
Abstract
A server transmits to a server in a server farm a request for membership in the server farm and a first nonce. The server derives a Kerberos service ticket and a Kerberos authenticator, responsive to generating a hash of the server farm name, a passphrase, the name of the server, the name of the server in the server farm, the first nonce, and a second nonce. The server transmits the Kerberos service ticket and the Kerberos authenticator to the server in the server farm. The server in the server farm authenticates the requesting server responsive to the received Kerberos service ticket and the Kerberos authenticator and a generated hash. The server in the server farm transmits, responsive to the authentication, a secret to the requesting server.
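The hash in the abstract binds the farm name, the passphrase, both server names and both nonces, so a value computed for one exchange is useless in another. The sketch below is an added example, not code from the patent. SHA-256, the length-prefixed field encoding, the 16-byte nonces, the HMAC tag (swapped in for encrypting a portion of the Kerberos service ticket) and all function and host names are assumptions.

```python
import hashlib
import hmac
import secrets
import struct


def _field(value: bytes) -> bytes:
    # Length-prefix each field so ("ab", "c") and ("a", "bc") hash differently.
    return struct.pack(">I", len(value)) + value


def join_hash(farm, passphrase, requester, member, nonce1, nonce2) -> bytes:
    """Hash over the six inputs the abstract lists (SHA-256 is an assumption)."""
    h = hashlib.sha256()
    for text in (farm, passphrase, requester, member):
        h.update(_field(text.encode("utf-8")))
    for nonce in (nonce1, nonce2):
        h.update(_field(nonce))
    return h.digest()


def confirmation_tag(key: bytes, ticket_portion: bytes) -> bytes:
    # Stand-in for "encrypting a portion of the ticket using the hash":
    # an HMAC proves possession of the same hash with only the standard library.
    return hmac.new(key, ticket_portion, hashlib.sha256).digest()


def member_accepts(farm, passphrase, requester, member, nonce1, nonce2,
                   ticket_portion, tag) -> bool:
    """Farm member recomputes the hash from its own view and checks the tag."""
    key = join_hash(farm, passphrase, requester, member, nonce1, nonce2)
    return hmac.compare_digest(confirmation_tag(key, ticket_portion), tag)


def simulate_join(requester_passphrase: str, member_passphrase: str,
                  stale_nonce2: bool = False) -> bool:
    farm, requester, member = "FARM-A", "srv-new", "srv-01"  # constructed names
    nonce1 = secrets.token_bytes(16)   # sent with the membership request
    nonce2 = secrets.token_bytes(16)   # returned with the acknowledgement
    # stale_nonce2 models a hash computed against a nonce from another exchange.
    used_nonce2 = secrets.token_bytes(16) if stale_nonce2 else nonce2
    key = join_hash(farm, requester_passphrase, requester, member, nonce1, used_nonce2)
    ticket_portion = b"constructed-ticket-bytes"  # constructed sample data
    tag = confirmation_tag(key, ticket_portion)
    return member_accepts(farm, member_passphrase, requester, member,
                          nonce1, nonce2, ticket_portion, tag)


if __name__ == "__main__":
    print(simulate_join("correct horse", "correct horse"))  # True
```
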
15 Claims
1. A method for requesting membership in a server farm, the method comprising:
receiving, by a requesting server belonging to a first security domain, a name of a server farm comprising at least two servers, a passphrase, and a name of one of the at least two servers in the server farm;
transmitting, by the requesting server, to the one of the at least two servers in the server farm a request for membership in the server farm and a first nonce, wherein the one of the at least two servers in the server farm belongs to a second security domain;
receiving by the requesting server, an acknowledgement of the request and a second nonce;
generating, by the requesting server responsive to the acknowledgement of the request for membership in the server farm, a hash of the server farm name, the passphrase, the name of the requesting server, the name of the one of the at least two servers in the server farm, the first nonce, and the second nonce;
generating, by the requesting server, a Kerberos service ticket and a Kerberos authenticator;
encrypting, by the requesting server, a portion of the Kerberos service ticket using the generated hash;
transmitting, by the requesting server, the Kerberos service ticket and the Kerberos authenticator to the one of the at least two servers in the server farm;
authenticating, by the one of the at least two servers in the server farm, the requesting server responsive to receiving the Kerberos service ticket and the Kerberos authenticator;
transmitting, by the one of the at least two servers in the server farm, a Kerberos authentication reply;
transmitting, by the one of the at least two servers in the server farm, a secret to the requesting server using a session key contained in the Kerberos service ticket; and
granting, by the one of the at least two servers in the server farm, membership in the server farm to the requesting server.
(Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
13. A system for requesting membership in a server farm comprising:
a receiver, executing on a computer processor provided by a requesting server belonging to a first security domain, to receive a name of a server farm comprising at least two servers, a passphrase, and a name of one of the at least two servers in the server farm;
a transmitter, in communication with the receiver, executing on the requesting server to transmit to the one of the at least two servers in the server farm a request for membership in the server farm and a first nonce, wherein the one of the at least two servers in the server farm belongs to a second security domain; and transmit a Kerberos service ticket and a Kerberos authenticator to the server in the server farm;
a generator in communication with the receiver and the transmitter, to generate a hash of the server farm name, the passphrase, the name of the receiver, the name of the one of the at least two servers in the server farm, the first nonce and a second nonce received by the receiver responsive to the acknowledgement of the request for membership in the server farm; generate the Kerberos service ticket and the Kerberos authenticator; and encrypt a portion of the Kerberos service ticket using the generated hash; and
an authenticator executing on the one of the at least two servers in the server farm, to authenticate the requesting server responsive to receiving the Kerberos service ticket and the Kerberos authenticator; and grant membership in the server farm to the requesting server; and
a second transmitter executing on the one of the at least two servers in the server farm to transmit a Kerberos authentication reply; and transmit a secret to the requesting server using a session key contained in the Kerberos service ticket.
(Dependent claims: 14, 15)
Specification