Method and system for the storage of authentication credentials
First Claim
1. A method, with an information processing system, of controlling access to host access credentials required to access a resource on a host computer system by a client process running on a client computer system, the information processing system being separate and distinct from the host computer system and the client computer system, the method comprising:
storing the host access credentials in a restricted access directory on the information processing system, wherein the host access credentials are separate and distinct from the resource on the host computer system;
receiving directory access credentials from the client process;
authenticating the received directory access credentials to designate an authenticated client process;
receiving, after authenticating the received directory access credentials, a query for the host access credentials from the authenticated client process, the query comprising at least an identity of a user of the client computer system, a security realm identifier that is based on a security realm indication received by the authenticated client process from the host computer system, an address identifier associated with the resource;
performing the query by searching the restricted access directory for the host access credentials using at least the identity of the user, the security realm identifier, and the address identifier;
locating, based on performing the query, the host access credentials;
determining, based on the locating, whether the user of the client computer system is authorized to access the host access credentials stored in the restricted access directory, and based on the user being authorized, the user is only authorized to access the host access credentials, and wherein this authorization is independent of the resource; and
based on determining that the user of the client computer system is authorized to access the host access credentials, providing the host access credentials to the authenticated client process, wherein the host access credentials are configured to be provided to the host computer system.
Abstract
A method, apparatus and computer program product for controlling access to host access credentials required to access a host computer system by a client application is provided. The host access credentials are stored in a restricted access directory. The method comprises authenticating directory access credentials received from a client application. The authenticated client application then requests the host access credentials, and a determination is made as to whether the authenticated client process is authorized to access the requested host access credentials; if authorized, these are provided to the client application.
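The flow described in the abstract and claim 1, as an added Python example that is not code from the patent: a directory that authenticates the client process first, then looks up host access credentials by (user, security realm, address) and authorizes the user against the located entry. The class and method names, the session token, the PBKDF2 storage of directory secrets, the per-entry `readers` set and all sample values are assumptions constructed for illustration.

```python
import hashlib, hmac, os, secrets

def _kdf(secret: str, salt: bytes) -> bytes:
    # Directory access credentials are kept only as a salted PBKDF2 hash.
    return hashlib.pbkdf2_hmac("sha256", secret.encode(), salt, 100_000)

class CredentialDirectory:
    """Hypothetical broker, separate from both the client and the host."""

    def __init__(self):
        self._clients = {}      # client_id -> (salt, hash of directory secret)
        self._sessions = set()  # tokens issued to authenticated client processes
        self._entries = {}      # (user, realm, address) -> (host creds, readers)

    def register_client(self, client_id, secret):
        salt = os.urandom(16)
        self._clients[client_id] = (salt, _kdf(secret, salt))

    def store(self, user, realm, address, host_creds, readers):
        self._entries[(user, realm, address)] = (host_creds, frozenset(readers))

    def authenticate(self, client_id, secret):
        # Unknown clients still cost one KDF run and fail the constant-time compare.
        salt, expected = self._clients.get(client_id, (b"\0" * 16, b""))
        if not hmac.compare_digest(_kdf(secret, salt), expected):
            raise PermissionError("directory access credentials rejected")
        token = secrets.token_urlsafe(32)
        self._sessions.add(token)
        return token

    def query(self, token, user, realm, address):
        if token not in self._sessions:
            raise PermissionError("client process is not authenticated")
        # Locate first, then authorize. The user identity is asserted by the
        # authenticated client (an assumption of this example).
        entry = self._entries.get((user, realm, address))
        if entry is None or user not in entry[1]:
            # One error for "missing" and "not authorized": no existence oracle.
            raise LookupError("no host access credentials available")
        return entry[0]

def demo():
    # Constructed sample data: one readable entry, one entry with no readers.
    d = CredentialDirectory()
    d.register_client("client-app", "constructed-directory-secret")
    d.store("alice", "Intranet", "host.example:443", ("alice_h", "constructed-pw"), {"alice"})
    d.store("bob", "Intranet", "host.example:443", ("bob_h", "constructed-pw2"), set())
    return d, d.authenticate("client-app", "constructed-directory-secret")
```
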
18 Claims
9. A data processing apparatus for controlling access to host access credentials required to access a resource on a host computer system by a client process running on a client computer system, the data processing apparatus being separate and distinct from the host computer system and the client computer system, wherein the host access credentials are stored in a restricted access field of a directory of the data processing apparatus, the data processing apparatus comprising:
a hardware processor;
a memory communicatively coupled to the hardware processor;
a receiving component, communicatively coupled to the hardware processor and the memory, for receiving messages from the client process;
an authentication component, communicatively coupled to the hardware processor and the memory, for authenticating the client process using directory access credentials received from the client process to designate an authenticated client process; and
a query component, communicatively coupled to the hardware processor and the memory, for receiving, after authenticating the received directory access credentials, a query for the host access credentials from the authenticated client process, the query comprising at least an identity of a user of the client computer system, a security realm identifier that is based on a security realm indication received by the authenticated client process from the host computer system, an address identifier associated with the resource;
performing the query by searching the restricted access directory for the host access credentials using at least the identity of the user, the security realm identifier, and the address identifier;
locating, based on performing the query, the host access credentials;
determining, based on the locating, whether the user of the authenticated client process is authorized to access the host access credentials stored in the restricted access directory, and based on the user being authorized, the user is only authorized to access the host access credentials, and wherein this authorization is independent of the resource; and
based on determining that the user of the client computer system is authorized to access the host access credentials, providing the host access credentials to the authenticated client process, wherein the host access credentials are configured to be provided to the host computer system.
11. A computer program product having a set of instructions, embodied in a non-transitory computer readable storage medium, to cause a computer to perform a method of controlling access to host access credentials required to access a resource on a host computer system by a client process running on a client computer system, the computer being separate and distinct from the host computer system and the client computer system, the method comprising:
storing the host access credentials in a restricted access directory on the computer, wherein the host access credentials are separate and distinct from the resource on the host computer system;
receiving directory access credentials from the client process;
authenticating the received directory access credentials to designate an authenticated client process;
receiving, after authenticating the received directory access credentials, a query for the host access credentials from the authenticated client process, the query comprising at least an identity of a user of the client computer system, a security realm identifier that is based on a security realm indication received by the authenticated client process from the host computer system, an address identifier associated with the resource;
performing the query by searching the restricted access directory for the host access credentials using at least the identity of the user, the security realm identifier, and the address identifier;
locating, based on performing the query, the host access credentials;
determining, based on the locating, whether the user of the client computer system is authorized to access the host access credentials stored in the restricted access directory, and based on the user being authorized, the user is only authorized to access the host access credentials, and wherein this authorization is independent of the resource; and
based on determining that the user of the client computer system is authorized to access the host access credentials, providing the host access credentials to the authenticated client process, wherein the host access credentials are configured to be provided to the host computer system.
Specification