Kerberos ticket virtualization for network load balancers
Abstract
An exemplary group ticket for a Kerberos protocol includes a service ticket encrypted with a dynamic group key and a plurality of enveloped pairs, where each pair includes a name associated with a member of a group and an encrypted dynamic group key for decryption by a key possessed by the member of the group, and where decryption of an encrypted dynamic group key allows for decryption of the service ticket. Other exemplary methods, systems, etc., are also disclosed.
18 Claims
1. Computer-readable storage media including instructions executable by one or more processors to perform acts comprising:
- transmitting a client key with a ticket granting service request to a key distribution center, the ticket granting service request specifying a name of a group; and
- receiving a group ticket for a Kerberos protocol from the key distribution center, the group ticket comprising;
  - the name of the group;
  - a service ticket encrypted with a dynamic group key; and
  - a plurality of enveloped pairs wherein each enveloped pair comprises a name associated with a member of the group and an encrypted dynamic group key for decryption by a key possessed by the member of the group whereby decryption of a particular encrypted dynamic group key allows for decryption of the service ticket.

Dependent claims: 2, 3, 4, 5, 6, 7

8. A method comprising:
under control of one or more processors configured with executable instructions;
- receiving, at a network load balancer, an application request and a group ticket that comprises a name for a group associated with the network load balancer and a service ticket including enveloped pairs, each enveloped pair comprising a key and a member name;
- routing the request and the group ticket to members of the group named in the enveloped pairs, wherein the members of the group named in the enveloped pairs each comprises a member key;
- decrypting a dynamic group key in one of the enveloped pairs using the member key of the member of the group named in the one of the enveloped pairs; and
- decrypting the service ticket using the dynamic group key.

Dependent claims: 9, 10, 11, 12, 13, 14, 15

16. A system comprising:
a key distribution center including one or more processors and memory storing instructions that, when executed, configure the one or more processors to perform acts comprising;
- receiving a group name and member names of members of the group from a group registrant, wherein the group name comprises a server principle name associated with a network load balancer;
- storing the member names;
- receiving a ticket granting request from a client wherein the request comprises the group name; and
- generating a group ticket that comprises an encrypted service ticket and enveloped pairs for each of the member names, each enveloped pair comprising an encrypted dynamic group key and the member name whereby decryption of an encrypted dynamic group key allows for decryption of the encrypted service ticket.

Dependent claims: 17, 18
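The group ticket structure in claims 1, 8 and 16, sketched as an added example that is not code from the patent: the KDC wraps one fresh group key per member, and a member unwraps its own pair to open the service ticket. The function names, member names and group name are hypothetical, and the stdlib encrypt-then-MAC routine is a stand-in for a real Kerberos encryption type.

```python
import hashlib, hmac, os

def _subkey(key, label):
    # Separate encryption and MAC keys derived from one secret.
    return hmac.new(key, label, hashlib.sha256).digest()

def _stream(key, nonce, n):
    # Keystream: keyed BLAKE2b in counter mode (stand-in cipher, stdlib only).
    out, ctr = b"", 0
    while len(out) < n:
        out += hashlib.blake2b(nonce + ctr.to_bytes(4, "big"), key=key).digest()
        ctr += 1
    return out[:n]

def seal(key, plaintext):
    nonce = os.urandom(16)
    ks = _stream(_subkey(key, b"enc"), nonce, len(plaintext))
    ct = bytes(a ^ b for a, b in zip(plaintext, ks))
    tag = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def unseal(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    want = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, want):
        raise ValueError("integrity check failed: wrong key or altered data")
    ks = _stream(_subkey(key, b"enc"), nonce, len(ct))
    return bytes(a ^ b for a, b in zip(ct, ks))

def kdc_issue_group_ticket(group, member_keys, service_ticket):
    # KDC side: fresh dynamic group key per ticket, wrapped once per member.
    group_key = os.urandom(32)
    return {"group": group,
            "service_ticket": seal(group_key, service_ticket),
            "enveloped_pairs": [(name, seal(k, group_key))
                                for name, k in member_keys.items()]}

def member_open(ticket, my_name, my_key):
    # Member side: find own pair, unwrap group key, then open the service ticket.
    for name, wrapped in ticket["enveloped_pairs"]:
        if name == my_name:
            return unseal(unseal(my_key, wrapped), ticket["service_ticket"])
    raise KeyError(f"{my_name} is not named in the ticket for {ticket['group']}")

if __name__ == "__main__":
    keys = {"web01": os.urandom(32), "web02": os.urandom(32)}  # constructed members
    t = kdc_issue_group_ticket("HTTP/nlb.example.test", keys, b"constructed ticket")
    print(member_open(t, "web02", keys["web02"]))
```

Because any one member key unwraps the group key, the service ticket is only as well protected as the least protected member key in the group.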
Specification