Kerberos command structure and method for enabling specialized Kerbero service requests
Abstract
A system and method is provided whereby a flexible group of new Kerberos commands are operable for the user in a system wherein a Kerberos server is networked with a client server to provide a multiple number of new commands to the client user. Among other features, the new Kerberos commands allow the user to obtain ticket-granting-tickets, or to destroy his active tickets, or further to inquire as to the type of Kerberos commands available, to change one's Kerberos password in the Kerberos database or to inquire or add to one's Principal Identification (ID) to the Kerberos database. The client user makes a Kerberos service request from the client server through a Menu-Assisted Resource Control (MARC) program working in conjunction with a Kerberos Support Library, having a Directive interface and configuration file which work in communication with the Kerberos server's database and key distribution center.
3 Claims
1. In a network wherein multiple Client-Users have client terminals which communicate with a client-server having a Kerberos Support Library, holding a Directive Interface and Configuration File which is in communication with said Kerberos Server, and wherein said client-server includes a Kerberos Support Library which is accessed by a Menu Assisted Resource Control Program via a Directive Interface, a method for enabling a requesting client-terminal to utilize a specialized Kerberos command and to receive a generated response, said particular command being designated as a KRB inquiry command and said method comprising the steps of;
(a) initiating said KRB command to inquire as to the Kerberos commands available to the Client-User;
(b) calling said Kerberos Support Library in said client server;
(c) checking for the correct command syntax;
(d) checking the privileges available to the Client-User;
(e) providing a list of available commands for an appropriately privileged User;
(f) returning the list back to the Client-User;
(g) initiating, by said Client-User of a KRB clockskew command which further includes the steps of;
(g1) calling, by said MARC program, of said Directive Interface in said Kerberos Support Library to check the command syntax;
(g2) checking whether said clockskew command is an inquiry (i) or a change request (ii) of the clockskew; and
which include the steps of;
(g2a) determining if the request is only an inquiry (i) as to the clockskew value;
(g2b) returning the clockskew value to the Client-User 10;
(g3) checking for the User's privileges if a change request (ii) has been initiated;
(g4) processing the requested change, if the Client-User has been appropriately privileged, said processing calling a routine in said Kerberos Support Library to overwrite the prior value in said Configuration File;
(g5) completing the process of changing the clockskew value;
(g6) sending confirmation of the change back to the Client-User.
2. In a network wherein multiple Client-Users have client terminals which communicate with a client-server having a Kerberos Support Library, and General Security Application Program Interface Library said Client-Server communicating with an associated Kerberos Server wherein each Client-User utilizes a Menu Assisted Resource Control (MARC) program to communicate with said Kerberos Support Library via a Directive Interface and wherein a Client-User has active tickets residing in said Kerberos Support Library, a method for implementing a specialized command KRB DESTROY comprising the steps of:
(d1) initiating by said Client-User, of a KRB DESTROY command;
(d2) calling the Kerberos Support Library to check the command syntax;
(d3) deleting the selected active tickets designated by said Client-User;
(d4) verifying that said selected active tickets have now been deleted;
(d5) calling said General Security Application Program Interface Library (GSS-API) to delete any reference to said selected active tickets;
(d6) deleting any of said reference to selected active tickets residing in said Kerberos Support Library;
(d7) returning back to the Client-User a confirmation that the selected active tickets have been deleted.
3. In a network wherein multiple Client-Users have terminals which communicate with a client-server 13 having a Kerberos Support Library 34 which is in communication with a Kerberos Server 20, and wherein a Menu Assisted Resource Control (MARC) Program 40 communicates with said Kerberos Support Library 34 via a Directive Interface 35, a method for generating an appropriate response to a Client-User's specialized command to log into the Kerberos Server to obtain a ticket granting ticket (TGT), said method implementing the command of KRT INIT and including the steps of:
(e1) initializing a command KRB INIT by said Client-User 10 to a client server 13;
(e2) using a MARC program 40 through a Directive Interface 35 in order to access said Kerberos Support Library 34;
(e3) checking by said Directive Interface 35 as to the proper command syntax in a situation of command syntax error which then includes the substeps of;
(e3a) calling a General Security Application Program-Interface Library 38 (GSS-API) to clean up and delete any reference to said ticket;
(e3b) deleting, by said Kerberos Support Library 34 of any reference to the tickets which it has stored;
(e3c) generating an error message;
(e3d) transmitting said error message back to the caller MARC program asynchronously for subsequent display to said Client-User;
(e4) accessing by said Kerberos Support Library 34 of a Ticket-Grant-Ticket from a Key Distribution Center 22;
(e5) storing said granted ticket in said Kerberos Support Library 34;
(e6) returning an asynchronous response to the caller MARC 40 for transmittal to said Client-User.
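Added example, not part of the patent text: a minimal Python model of the claim 1 flow, showing the syntax check, the inquiry/change split for KRB CLOCKSKEW, and the privilege gate ahead of the Configuration File overwrite. The class name, the user names, the 300-second default, the five-digit bound and the audit list are assumptions made for the illustration.

```python
import re

# Hypothetical grammar: "KRB", "KRB CLOCKSKEW" or "KRB CLOCKSKEW <seconds>".
SYNTAX = re.compile(r"^KRB(?:\s+CLOCKSKEW(?:\s+(\d{1,5}))?)?$", re.IGNORECASE)


class SupportLibrary:
    """Stand-in for the Kerberos Support Library and its Configuration File."""

    def __init__(self, clockskew=300, privileged=()):
        self.config = {"clockskew": clockskew}  # constructed value, in seconds
        self.privileged = set(privileged)       # users allowed to change it
        self.audit = []                         # addition: log of change attempts

    def directive(self, user, line):
        """Handle one directive passed in by the MARC front end."""
        m = SYNTAX.match(line.strip())
        if m is None:                           # (c) / (g1) syntax check
            return "ERROR: syntax"
        if len(line.split()) == 1:              # (a)-(f) bare KRB inquiry
            cmds = ["KRB", "KRB CLOCKSKEW"]
            if user in self.privileged:         # (d) privilege check
                cmds.append("KRB CLOCKSKEW <seconds>")
            return cmds                         # (e)/(f) list for this user
        if m.group(1) is None:                  # (g2a)/(g2b) inquiry only
            return self.config["clockskew"]
        new = int(m.group(1))
        if user not in self.privileged:         # (g3) change needs privilege
            self.audit.append((user, new, "denied"))
            return "ERROR: not privileged"
        old = self.config["clockskew"]
        self.config["clockskew"] = new          # (g4)/(g5) overwrite prior value
        self.audit.append((user, new, "changed"))
        return f"clockskew changed {old} -> {new}"  # (g6) confirmation


if __name__ == "__main__":
    lib = SupportLibrary(privileged={"admin1"})     # constructed users
    for who, cmd in [("alice", "KRB"), ("alice", "KRB CLOCKSKEW 86400"),
                     ("admin1", "KRB CLOCKSKEW 120"), ("alice", "KRB CLOCKSKEW")]:
        print(who, repr(cmd), "->", lib.directive(who, cmd))
```

The clockskew value sets how far client and server clocks may disagree before a request is rejected, so the denied attempt is recorded as well as the successful change.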
Specification