Fine-grained access control for Linux services
12 Assignments
0 Petitions
Abstract
A user requests to execute an application. The system authenticates the user and determines whether the user is authorized to execute the application. If the user is both authenticated and authorized to execute the application, the system grants the user permission to execute the application. Otherwise, the system denies the user permission to execute the application.
145 Citations
19 Claims
1. An apparatus, comprising:
- an application including an application name;
- a receiver to receive a request from a user to execute the application;
- a plurality of authentication modules to authenticate the user responsive to the request from the user to execute the application, each of the plurality of authentication modules capable of authenticating the user by themselves;
- an authentication module selector to select an authentication module using the application name, the authentication module separate from each of the plurality of authentication modules;
- an object set, including at least a first object representing the user and a second object including an indication as to whether the user is authorized to execute the application, the indication as to whether the user is authorized to execute the application includes a blacklist of IDs to be denied permission to execute the application and the first object includes a user ID (UID), wherein the UID is a unique ID assigned to the user by the system different from any ID assigned to other users; and
- an authorization module to determine whether the UID is included in the blacklist of IDs.
Dependent claims: 2, 3, 4, 5, 6, 17

7. A method, comprising:
- receiving a request from a user to execute an application;
- authenticating the user responsive to the request from the user to execute the application, including:
  - selecting an authentication module from a plurality of authentication modules using a name of the application, each of the plurality of authentication modules capable of authenticating the user by themselves; and
  - using the selected authentication module to authenticate the user; and
- verifying that the user is authorized to execute the application using an authorization module, the authentication module separate from each of the plurality of authentication modules, including:
  - accessing an object set, the object set including at least a first object representing the user and a second object including an indication as to whether the user is authorized to execute the application, the indication as to whether the user is authorized to execute the application including a blacklist for the application;
  - determining a user ID (UID) for the user from the first object in the object set, wherein the UID is a unique ID assigned to the user by the system different from any ID assigned to other users;
  - determining if the UID is on the blacklist; and
  - if the UID is not on the blacklist for the application, indicating that the user is authorized to execute the application.
Dependent claims: 8, 9, 10, 11, 18

12. An article, comprising:
- a non-transitory storage medium, said non-transitory storage medium having stored thereon instructions, that, when executed by a machine, result in:
  - receiving a request from a user to execute an application;
  - authenticating the user responsive to the request from the user to execute the application, including:
    - selecting an authentication module from a plurality of authentication modules using a name of the application, each of the plurality of authentication modules capable of authenticating the user by themselves; and
    - using the selected authentication module to authenticate the user; and
  - verifying that the user is authorized to execute the application using an authorization module, the authentication module separate from each of the plurality of authentication modules, including:
    - accessing an object set, the object set including at least a first object representing the user and a second object including an indication as to whether the user is authorized to execute the application, the indication as to whether the user is authorized to execute the application including a blacklist for the application;
    - determining a user ID (UID) for the user from the first object in the object set, wherein the UID is a unique ID assigned to the user by the system different from any ID assigned to other users;
    - determining if the UID is on the blacklist; and
    - if the UID is not on the blacklist for the application, indicating that the user is authorized to execute the application.
Dependent claims: 13, 14, 15, 16, 19
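As an added example that is not from the patent or its specification, the following Python sketch models the flow the independent claims describe: an authentication module is selected by application name, the user is authenticated by that module alone, and the authorization module then checks the user's UID against the application's blacklist, so execution is granted only when both steps pass. The module names, applications, users, UIDs and credentials are all constructed for the example.

```python
from dataclasses import dataclass, field
from typing import Callable, Dict, Set

# The claim's "object set": a user object carrying the system-assigned UID,
# and an application object carrying its blacklist of denied UIDs.
@dataclass(frozen=True)
class User:
    name: str
    uid: int  # unique per user; no two users share a UID

@dataclass
class Application:
    name: str
    blacklist: Set[int] = field(default_factory=set)

# An authentication module authenticates a user on its own, given a credential.
AuthModule = Callable[[User, str], bool]

def password_module(user: User, credential: str) -> bool:
    # Constructed credential store for the example; a real module would
    # compare against a stored hash, never a plaintext table.
    store = {"alice": "s3cret", "bob": "hunter2"}
    return store.get(user.name) == credential

def token_module(user: User, credential: str) -> bool:
    # Constructed second module, so the selector has a real choice to make.
    return credential == f"token-for-{user.name}"

# Authentication module selector: keyed by application name (hypothetical names).
MODULE_BY_APP: Dict[str, AuthModule] = {"login": password_module, "cron": token_module}

def select_auth_module(app_name: str) -> AuthModule:
    if app_name not in MODULE_BY_APP:
        # Fail closed: an application with no configured module cannot be run.
        raise PermissionError(f"no authentication module for {app_name!r}")
    return MODULE_BY_APP[app_name]

def is_authorized(user: User, app: Application) -> bool:
    # Authorization module: authorized unless the UID is on the app's blacklist.
    return user.uid not in app.blacklist

def request_execution(user: User, credential: str, app: Application) -> bool:
    """Grant execution only if the user is both authenticated and authorized."""
    module = select_auth_module(app.name)
    return module(user, credential) and is_authorized(user, app)
```

Note that a blacklisted user who presents a valid credential is still denied: authentication and authorization are separate decisions, and both must succeed.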
Specification