CN105704089A - Template-based login user management method, user login method and device - Google Patents

Info

Publication number: CN105704089A
Authority: CN (China)
Legal status: Pending
Application number: CN201410687347.8A
Other languages: Chinese (zh)
Inventor: 陈文博
Current Assignee: ZTE Corp
Original Assignee: ZTE Corp
Application filed by: ZTE Corp
Priority to: CN201410687347.8A
Priority to: PCT/CN2015/073660 (WO2016082366A1)

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/40: Network security protocols

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Information Transfer Between Computers (AREA)

Abstract

The invention provides a template-based login user management method, a user login method and a user login device. The template-based login user management method includes the following steps: one or more AAA policies are configured; an AAA template is created and the AAA policies are bound to it; user modes of login users are created; and the AAA template is bound to the user modes. The method addresses scenarios in which users of the same or different login types use the same or different AAA policies; AAA policies can be used flexibly, so that management of login users in such scenarios is more flexible and more convenient.

Description

Template-based login user management method, user login method and device
Technical Field
The present invention relates to the field of communication technology, and in particular to a template-based login user management method, a user login method, and corresponding devices.
Background
With existing carrier-class telecom equipment, it is frequently necessary to log in to a device to configure various services. The login type is usually TELNET (a remote login program on the Internet), SSH (Secure Shell, a secure shell protocol), WEB, and so on; configuring the device is permitted only after the user has been authenticated and authorized. Management of login users is generally done through AAA, that is, Authentication, Authorization and Accounting.
Authentication verifies whether a user accessing the device is legitimate, in order to decide whether the user is allowed access; authorization determines which services an admitted user may use and which privileges the user holds; accounting records the user's operations on the device. Under normal circumstances the three are used together.
A common implementation of AAA deploys AAA methods by login type or by user type: once AAA is configured, it takes effect globally for a login type (such as serial-port login, TELNET login, SSH login, WEB login) or for a user type (login user, PPP user, etc.). The AAA method a user finally receives is therefore constrained by the login type or user type to which the AAA method is bound. Taking login type as an example, if an AAA method is bound on line vty1, every user logging in from vty1 gets the same AAA method. If the same user is expected to use the same AAA method when logging in through different vtys (virtual teletype terminals), or different users are expected to use different AAA methods when logging in through the same vty, such a deployment is not flexible enough. The same situation arises when different AAA methods are to be deployed for the same user type.
Summary of the Invention
To solve the above technical problem, embodiments of the invention provide a template-based method and device for managing login users: different AAA policies are set in different AAA templates, and an AAA template is bound to a specific user, so that different AAA policies can be applied to different users.
According to one aspect of the present invention, a template-based login user management method is provided, the method comprising: configuring one or more AAA policies; creating an AAA template and binding the AAA policies to the AAA template; creating a user mode for a login user; and binding the AAA template to the user mode.
Optionally, the AAA template includes one or more of: an AAA authentication template, an AAA authorization template and an AAA accounting template.
Optionally, the AAA policy includes at least: the AAA server type in an AAA server group and the AAA server switchover policy within the AAA server group.
Optionally, the method further includes: binding a corresponding login type under the user mode.
Optionally, the user mode includes: a default user mode and a user configuration mode.
Optionally, the login type is: console login, TELNET login, SSH login, FTP login or WEB login.
According to another aspect of the present invention, a user login method is also provided, the method comprising: obtaining the login information entered by the login user and the login type; determining, from the login information entered by the user, whether a corresponding user configuration mode is configured locally on the device; if so, obtaining the configured login type from the matched user configuration mode; otherwise, obtaining the configured login type from the default user mode; matching the login user's login type against the configured login type and, if they match, obtaining, according to the preset correspondence between user modes and AAA templates, the AAA template corresponding to the matched user configuration mode or to the default user mode; and initiating AAA authentication, or AAA authentication and AAA authorization, according to the AAA template obtained.
Optionally, if the login user's login type does not match the login type corresponding to the user configuration mode, a login failure prompt is given.
Optionally, the method further includes: configuring one or more AAA policies; creating an AAA template and binding the AAA policies to the AAA template; creating a user mode for a login user; and binding the AAA template to the user mode.
According to another aspect of the present invention, a device for template-based management of login users is also provided, the device comprising: a configuration module, for configuring one or more AAA policies; a first binding module, for creating an AAA template and binding the AAA policies to the AAA template; a creation module, for creating a user mode; and a second binding module, for binding the AAA template to the user mode.
Optionally, the device further includes: a third binding module, for binding a corresponding login type under the user mode.
According to another aspect of the present invention, a user login device is also provided, the device comprising: a first acquisition module, for obtaining the login information entered by the login user and the login type; a first matching module, for determining, from the login information entered by the user, whether a corresponding user configuration mode is configured locally on the device, and, if so, obtaining the configured login type from the matched user configuration mode, otherwise obtaining the configured login type from the default user mode; a second matching module, for matching the login user's login type against the configured login type and, if they match, obtaining, according to the preset correspondence between user modes and AAA templates, the AAA template corresponding to the matched user configuration mode or to the default user mode; and a processing module, for initiating AAA authentication, or AAA authentication and AAA authorization, according to the AAA template obtained.
Optionally, the device further includes: a prompting module, for giving a login failure prompt if the login user's login type does not match the login type corresponding to the user configuration mode.
Optionally, the device further includes: a configuration module, for configuring one or more AAA policies;
a first binding module, for creating an AAA template and binding the AAA policies to the AAA template; a creation module, for creating a user mode; and a second binding module, for binding the AAA template to the user mode.
Embodiments of the invention address the scenario in which users of the same or different login types use the same or different AAA policies; with the method of the invention, AAA policies can be used flexibly, so that login user management in that scenario is more flexible and convenient.
Brief Description of the Drawings
Fig. 1 is the first flow chart of the template-based login user management method in an embodiment of the invention;
Fig. 2 is the second flow chart of the template-based login user management method in an embodiment of the invention;
Fig. 3 is a diagram of the configuration binding relationship between AAA templates and a local user or the default user mode in an embodiment of the invention;
Fig. 4 is a flow chart of TACACS server authentication and authorization in an embodiment of the invention;
Fig. 5 is a flow chart of RADIUS server authentication and authorization in an embodiment of the invention;
Fig. 6 is a flow chart of TACACS server accounting in an embodiment of the invention;
Fig. 7 is the first flow chart of user login in an embodiment of the invention;
Fig. 8 is the second flow chart of user login in an embodiment of the invention;
Fig. 9 is the interaction flow among the terminal device, the router and the AAA server in an embodiment of the invention;
Fig. 10 is a structural diagram of the device for template-based management of login users according to the invention;
Fig. 11 is a structural diagram of the user login device in an embodiment of the invention.
Detailed Description
Exemplary embodiments of the disclosure are described in more detail below with reference to the accompanying drawings. Although the drawings show exemplary embodiments of the disclosure, it should be understood that the disclosure may be implemented in various forms and should not be limited by the embodiments set forth here. Rather, these embodiments are provided so that the disclosure can be understood more thoroughly and its scope conveyed fully to those skilled in the art.
Fig. 1 shows the first flow chart of a template-based login user management method in an embodiment of the invention. The specific steps are as follows:
Step S101: configure one or more AAA policies.
Optionally, the AAA policy includes at least: the AAA server type in an AAA server group and the AAA server switchover policy within the AAA server group.
The servers commonly used at present are of three kinds: TACACS (Terminal Access Controller Access Control System), RADIUS (Remote Authentication Dial-In User Service) and Diameter (the successor protocol to RADIUS). The policy configuration of AAA templates is described using these three as examples.
Under an AAA authentication policy, the AAA server type can be none, TACACS, RADIUS, Diameter, local, or any permutation or combination of these types, which determines the strategy for switching between servers. A corresponding server switchover policy is configured for the TACACS, RADIUS and Diameter server groups, so that switching takes place within the group when an AAA server is unreachable.
Under an AAA authorization policy, the AAA server type can be none, TACACS, RADIUS, local, or any permutation or combination of these types, which determines the strategy for switching between servers. A corresponding server switchover policy is configured for the TACACS and RADIUS server groups, so that switching takes place within the group when an AAA server is unreachable.
Under an AAA accounting policy, the AAA server type can be none, TACACS, RADIUS, local, or any permutation or combination of these types, which determines the strategy for switching between servers. A corresponding server switchover policy is configured for the TACACS and RADIUS servers, so that switching takes place within the group when a server is unreachable.
Step S103: create an AAA template and bind the AAA policy to the AAA template.
In an embodiment of the invention, the AAA templates include an AAA authentication template, an AAA authorization template and an AAA accounting template. Each kind of AAA template can be bound to the same or different AAA policies; that is, the server type, server switchover policy, server group policy and so on can be configured in the AAA template, and the template is then bound under a specified login user. When the user logs in, the AAA template bound to that user is looked up to determine the concrete AAA policy.
Step S105: create the user mode of the login user.
That is, the login user's user information (user name and password) is configured, and a user mode corresponding to the login user is generated from that information. Optionally, in an embodiment of the invention, the user mode includes a default user mode and a user configuration mode. When user information is configured on the server side, no login user is created on the local device; so that an AAA template can still be specified for server authentication, embodiments of the invention provide a default user mode, and the AAA template is bound under this default user mode. When a login user matches no locally created user, the AAA policy of the AAA template bound under the default user mode is used.
Step S107: bind the AAA template to the user mode.
After the AAA template has been configured and a user test has been created, the AAA template must be bound under that user's configuration; the user test can then be used to log in.
In an embodiment of the invention, the AAA template can be bound to the user mode according to the circumstances, for example:
Case one: because a user login must go through AAA authentication, if the user has no AAA authentication template bound, or the AAA authentication template is misconfigured, then in an environment with terminal output the user should be told explicitly that the authentication configuration is missing or wrong.
Case two: where the device has a default authorization policy, the user configuration need not bind an AAA authorization template; after the user passes authentication, the default authorization policy is used to grant the user's privileges. When the AAA authorization server or the network is abnormal and the server-side authorization result cannot be obtained, default authorization can also be used. When there is no default authorization policy and the user has no AAA authorization template bound, or the AAA authorization template is misconfigured, then in an environment with terminal output the user should be told explicitly that the authorization configuration is missing or wrong, and the user is not allowed to log in.
Case three: because AAA accounting is not an essential function for a login user, no accounting is performed if the accounting function is switched off while the user has an AAA accounting template bound, or if the accounting function is switched on and the user has an accounting template bound but the template is empty.
Fig. 2 shows the second flow chart of the template-based login user management method in an embodiment of the invention. It differs from the method shown in Fig. 1 in that, after step S107, the method further includes:
Step S109: bind a corresponding login type under the user configuration mode.
When a certain class of users needs to be restricted to certain login types, the login types are bound by configuration under the specified user or under the default user mode. When a user has no login type bound, any login type is supported by default.
Compared with common user login management, embodiments of the invention can very flexibly customize the combination of authentication, authorization and accounting for specific users and specific login types, meeting the need for customized management of actual login scenarios and users.
As shown in Fig. 3, the binding relationship between AAA templates and user information described in embodiments of the invention is as follows, illustrated for the scenario in which login users are authenticated and authorized by an AAA server:
Step S301: configure the server group policies and specify the server group switchover policy.
The server group policies include: the TACACS group T1 policy, the RADIUS group T2 policy and the Diameter group T3 policy.
Step S303: create AAA authentication template X1 and bind a server group policy under it; create AAA authorization template X2 and bind a server group policy under it; create AAA accounting template X3 and bind a server group policy under it.
Step S305: create user Y, and bind AAA authentication template X1 and authorization template X2 under Y, or bind AAA authentication template X1, AAA authorization template X2 and AAA accounting template X3 under Y.
Step S307: bind the login type, where login types include console, TELNET, SSH, FTP, WEB, etc.
At this point the association among the AAA server configuration information, the AAA authentication and authorization templates, and the user configuration information is established.
Examples of actual configuration for the invention follow:
Fig. 4 shows the flow chart of TACACS server authentication and authorization in an embodiment of the invention, where the user is deployed on the TACACS server side. The scenario for TACACS server authentication and authorization is as follows:
Step S401: configure two TACACS servers and apply them to a TACACS group policy named T1.
Specifically, the code of step S401 is as follows:
Step S403: create AAA authentication template 2001, set the authentication type to TACACS, and bind the TACACS group policy under AAA authentication template 2001.
Specifically, the code of step S403 is as follows:
Step S405: create AAA authorization template 2001, set the authorization type to TACACS, and bind the TACACS group policy under AAA authorization template 2001.
Specifically, the code of step S405 is as follows:
Step S407: create user user1, set its password to test (shown in the example as the ciphertext corresponding to test), and bind the AAA authentication template and AAA authorization template created in steps S403 and S405 under user1.
Specifically, the code of step S407 is as follows:
Step S409: if the user is created on the server side and there is no local user configuration, and authentication, authorization and accounting all use the server, the AAA authentication template and AAA authorization template created in steps S403 and S405 must be bound under the default user mode.
Specifically, the code of step S409 is as follows:
Step S411: log in to the device from an access terminal using the deployed user.
Fig. 5 shows the flow chart of RADIUS server authentication and authorization in an embodiment of the invention, where the user is deployed on the RADIUS server side. The scenario for RADIUS server authentication and authorization is as follows:
Step S501: configure two RADIUS servers and apply them to a RADIUS group policy named R1.
Specifically, the code of step S501 is as follows:
Step S503: create AAA authentication template 2002, set the authentication type to RADIUS, and bind the RADIUS group policy under AAA authentication template 2002.
Specifically, the code of step S503 is as follows:
Step S505: create AAA authorization template 2002, set the authorization type to RADIUS, and bind the RADIUS group policy under AAA authorization template 2002.
Specifically, the code of step S505 is as follows:
Step S507: create user user1, set its password to test, and bind the AAA authentication template and AAA authorization template created in steps S503 and S505 under user1.
Specifically, the code of step S507 is as follows:
Step S509: if the user is created on the server side and there is no local user configuration, and authentication, authorization and accounting all use the server, the AAA authentication template and AAA authorization template created in steps S503 and S505 must be bound under the default user mode.
Specifically, the code of step S509 is as follows:
Step S511: log in to the device from an access terminal using the deployed user.
Diameter servers are mainly used for user authentication; the binding policy is similar to that of the TACACS authentication template.
Fig. 6 shows the flow chart of TACACS server accounting in an embodiment of the invention. Because AAA accounting is not an essential function for a login user, it differs slightly from AAA authentication and authorization in that an enable switch must be configured; the enable switch is off by default. For the TACACS server accounting function, the specific configuration is as follows:
Step S601: create AAA accounting template 2003, set the accounting type to TACACS, and bind the TACACS group policy under AAA accounting template 2003. Specifically, the code of step S601 is as follows:
Step S603: switch on the accounting function under user1's configuration mode, and bind the AAA accounting template 2003 created in step S601 under user1:
Specifically, the code of step S603 is as follows:
Step S605: if the user is created on the server side and there is no local user configuration, switch on the accounting function under the default user mode, for example:
Specifically, the code of step S605 is as follows:
All operations performed after this user logs in are then accounted according to the policy of AAA accounting template 2003. If the accounting function is switched off (accounting-switch off) while the user has an AAA accounting template bound, or the accounting function is switched on and the user has an accounting template bound but the template is empty, no accounting is performed.
When a user's login types need to be restricted, the corresponding login types are bound under the user configuration mode. Common login types are console, TELNET, SSH, FTP, WEB, etc.; different access types arise depending on the network device's actual access scenario. The command used in this example is login-type. Restricting a user to TELNET and SSH login is shown as an example:
An example of restricting the login types of server-side users when no user is configured locally:
After the above scenarios have been configured, the device can be logged in to with the specified user.
Fig. 7 shows the first flow chart of user login in an embodiment of the invention. The specific steps are as follows:
Step S701: obtain the login information entered by the login user and the login type.
Step S703: determine, from the login information entered by the user, whether a corresponding user configuration mode is configured locally on the device; if so, obtain the configured login type from the matched user configuration mode; otherwise, obtain the configured login type from the default user mode.
Step S705: match the login user's login type against the configured login type; if they match, obtain, according to the preset correspondence between user modes and AAA templates, the AAA template corresponding to the matched user configuration mode or to the default user mode.
Step S707: initiate AAA authentication, or AAA authentication and AAA authorization, according to the AAA template obtained.
In an embodiment of the invention, if the login user's login type does not match the login type corresponding to the user configuration mode, a login failure prompt is given.
In an embodiment of the invention, the preset correspondence between user modes and AAA templates can be established as follows: first, configure one or more AAA policies; then create an AAA template and bind the AAA policies to the AAA template; next, create the user mode of the login user; finally, bind the AAA template to the user mode.
Fig. 8 shows the second flow chart of user login in an embodiment of the invention. The user login process is as follows:
Step S801: obtain the user name and password of the login user.
Step S803: using the user name and password entered by the user, check whether a corresponding user mode is configured in the device's local user list. If there is a match, go to step S807; otherwise, go to step S805.
Step S805: obtain the login type from the default user mode.
Step S807: obtain the login type of the locally configured user mode.
Step S809: if the login user's login type matches the configured login type, go to step S811; otherwise give the corresponding error prompt.
Step S811: obtain the corresponding AAA methods (authentication, authorization, accounting) from the matched user or from the default user mode.
Step S813: initiate authentication and authorization requests using the specified AAA methods and wait for the device or server to respond. If authentication and authorization succeed, the user logs in successfully.
When the authentication and authorization templates numbered 2001 are bound under user user1 and the user logs in through the specified access terminal, the actual interaction among the terminal device side, the device (carrier-class switch, router) side and the AAA server side is as shown in Fig. 9. Taking a router as the device: the router prompts the terminal device for a user name and password; after the terminal device enters "user1" (user name) and "test" (password), the router matches the AAA policy according to the user name and password, and then, based on the matched AAA policy, sends authentication and authorization requests to the AAA server; once authentication and authorization succeed, the router allows the terminal device to log in.
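The template lookup of steps S801 to S811, combined with the binding rules of cases one to three above, can be modelled as follows. This is an added example, not code from the patent: the class and function names are hypothetical, users are matched by name only (credential checking is left to the AAA method the template selects), and an "empty" template is assumed to mean one with no server types configured.

```python
from dataclasses import dataclass, field
from typing import Dict, FrozenSet, Optional, Tuple


class LoginRejected(Exception):
    """The device refuses the login before any AAA server is contacted."""


@dataclass(frozen=True)
class AAATemplate:
    number: int                       # template number, e.g. 2001
    methods: Tuple[str, ...]          # ordered server types, e.g. ("tacacs", "local")
    server_group: Optional[str] = None


@dataclass
class UserMode:
    name: str
    authn: Optional[AAATemplate] = None
    authz: Optional[AAATemplate] = None
    acct: Optional[AAATemplate] = None
    accounting_switch: bool = False            # accounting is off by default
    login_types: FrozenSet[str] = frozenset()  # empty: any login type is accepted


@dataclass
class Device:
    default_mode: UserMode
    users: Dict[str, UserMode] = field(default_factory=dict)
    default_authorization: Optional[str] = None  # device-wide fallback, if any


@dataclass(frozen=True)
class LoginPlan:
    mode: str
    authn: AAATemplate
    authz: Optional[AAATemplate]   # None: apply the device's default authorization
    acct: Optional[AAATemplate]    # None: no accounting for this session


def usable(template: Optional[AAATemplate]) -> bool:
    """A template counts only if it is bound and names at least one server type."""
    return template is not None and len(template.methods) > 0


def resolve_login(device: Device, username: str, login_type: str) -> LoginPlan:
    # S803/S805/S807: a locally configured user wins, otherwise the default mode.
    mode = device.users.get(username, device.default_mode)

    # S809: an empty login_types set means no restriction was bound.
    if mode.login_types and login_type not in mode.login_types:
        raise LoginRejected(f"{mode.name}: login type {login_type!r} not permitted")

    # Case one: authentication is mandatory, so fail closed and say why.
    if not usable(mode.authn):
        raise LoginRejected(f"{mode.name}: authentication template missing or invalid")

    # Case two: a missing authorization template is tolerated only when the
    # device has a default authorization policy to fall back on.
    authz = mode.authz if usable(mode.authz) else None
    if authz is None and device.default_authorization is None:
        raise LoginRejected(f"{mode.name}: authorization template missing or invalid")

    # Case three: accounting needs both the enable switch and a non-empty template.
    acct = mode.acct if mode.accounting_switch and usable(mode.acct) else None
    return LoginPlan(mode.name, mode.authn, authz, acct)


def build_sample_device() -> Device:
    """Constructed sample data reusing the page's template numbers and group names."""
    authn_2001 = AAATemplate(2001, ("tacacs",), "T1")
    authz_2001 = AAATemplate(2001, ("tacacs",), "T1")
    radius_2002 = AAATemplate(2002, ("radius",), "R1")
    acct_2003 = AAATemplate(2003, ("tacacs",), "T1")
    user1 = UserMode("user1", authn=authn_2001, authz=authz_2001, acct=acct_2003,
                     accounting_switch=True,
                     login_types=frozenset({"telnet", "ssh"}))
    # Default mode: accounting template bound, but the switch is left off.
    default = UserMode("default", authn=radius_2002, authz=radius_2002, acct=acct_2003)
    return Device(default_mode=default, users={"user1": user1})


if __name__ == "__main__":
    dev = build_sample_device()
    # "alice" is a hypothetical user that exists only on the server side.
    for name, ltype in [("user1", "ssh"), ("user1", "ftp"), ("alice", "web")]:
        try:
            print(name, ltype, resolve_login(dev, name, ltype))
        except LoginRejected as exc:
            print(name, ltype, "rejected:", exc)
```

Every rejection happens on the device before a request is sent, which is what makes the explicit prompts of cases one and two possible.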
As shown in Figure 10, for the structural representation of the device based on Template Manager login user of the present invention, this device includes: configuration module the 1001, first binding module 1003, creation module 1005 and the second binding module 1007, wherein
Configuration module 1001, is used for configuring one or more AAA Policies;Server common at present is TACACS (terminal access controller access control system), RADIUS (remote customer dialing authentication system) and Diameter (updating protocol of RADIUS) three kinds, for these three, the collocation strategy of AAA template is described。Under aaa authentication strategy, aaa server type can specify none, TACACS, RADIUS, Diameter, local (this locality) or the permutation and combination of these types, to determine the strategy that server switches。TACACS, RADIUS and Diameter server group are configured corresponding server switchover policy, carries out organizing interior switching when certain aaa server is obstructed。Under aaa authorization strategy, aaa server type can specify none, TACACS, RADIUS, local or the permutation and combination of these types, to determine the strategy that server switches。TACACS and radius server group are configured corresponding server switchover policy, carries out organizing interior switching when certain aaa server is obstructed。Under AAA account policy, aaa server type can specify none, TACACS, RADIUS, local or the permutation and combination of these types, to determine the strategy that server switches。TACACS and radius server are configured corresponding server switchover policy, carries out organizing interior switching when certain server is obstructed。
First binding module 1003, is used for creating AAA template, is tied under described AAA template by described AAA Policy。In an embodiment of the present invention, AAA template includes: aaa authentication template, aaa authorization template, AAA keep accounts template, wherein can bind identical or different AAA Policy every kind of AAA template, namely can in AAA template can configuration service device type, server switchover policy and server group policy etc., under the login user specified, bind this AAA template。When users log on, the AAA template of this user binding is searched to determine concrete AAA Policy。
Creation module 1005, is used for creating user model;It is, the user profile of configuration registry user (username and password), and generate the user model corresponding with login user based on user profile。Alternatively, in an embodiment of the present invention, user model includes: default user pattern and user's configuration mode, when user profile is arranged in server side, local device does not create login user, specifying AAA template when being server authentication, embodiments of the invention provide default user pattern, AAA template are tied under this default user pattern simultaneously。When login user and this locality created user unmatch time, adopt the mode that the AAA acquiescence of binding under default user pattern is corresponding。
Second binding module 1007, for being tied to described AAA template under described user model。
Compared with common user login management, embodiment of the present invention can customize the combined method of certification very flexibly, authorization and accounting for specific user and particular login type, the customization management of scene and user to meet actual user's login。
Alternatively, in another embodiment of the present invention, device also includes: the 3rd binding module, logs in type accordingly for binding under described user model。When needing certain class limiting certain class user to log in type, under specifying user or under default user pattern, log in type by certain configuration binding。During user's unbound login type, acquiescence supports any login type。
As shown in Figure 11, which is a structural diagram of the user login device in an embodiment of the present invention, the device includes:
First acquisition module 1101, configured to obtain the login information input by the login user;
First matching module 1103, configured to determine, according to the login information input by the user, whether a corresponding user configuration mode is configured locally on the device; if so, the configured login type is obtained from the matched user configuration mode; otherwise, the configured login type is obtained from the default user pattern;
Second matching module 1105, configured to match the login type of the login user against the configured login type and, if they match, to obtain the AAA template corresponding to the matched user configuration mode or the default user pattern according to the preset correspondence between user models and AAA templates;
Processing module 1107, configured to initiate AAA authentication, or AAA authentication and AAA authorization, according to the AAA template obtained by the matching.
Optionally, the device further includes a prompting module, configured to prompt a login failure if the login type of the login user does not match the login type corresponding to the user configuration mode.
Optionally, the device further includes:
Configuration module, configured to configure one or more AAA policies;
First binding module, configured to create an AAA template and bind the AAA policy under the AAA template;
Creation module, configured to create a user model; and
Second binding module, configured to bind the AAA template under the user model.
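The binding chain and login lookup described above (AAA policy, AAA template, user model, login type, with fallback to the default user pattern), modelled in Python as an added example; it is not code from the patent or from any device implementation. Class names, server-type strings, group names and user names are assumptions chosen for illustration, and `unrestricted_modes` is a hypothetical audit helper that lists the user models with no login type bound, which accept any login type under the default rule stated above.

```python
from dataclasses import dataclass, field
from typing import Optional

@dataclass(frozen=True)
class AAAPolicy:              # hypothetical names; values are illustrative
    server_type: str          # AAA server type used in the group
    server_group: str         # AAA server group
    switchover: str           # server switchover policy inside the group

@dataclass(frozen=True)
class AAATemplate:            # one policy per AAA function; they may differ
    authentication: AAAPolicy
    authorization: Optional[AAAPolicy] = None
    accounting: Optional[AAAPolicy] = None

@dataclass
class UserMode:               # a user configuration mode or the default one
    template: AAATemplate
    login_types: frozenset = frozenset()   # empty: no login type bound

@dataclass
class Device:
    default_mode: UserMode
    user_modes: dict = field(default_factory=dict)

    def resolve(self, username: str, login_type: str) -> Optional[AAATemplate]:
        """Return the AAA template to authenticate with, or None (login fails)."""
        mode = self.user_modes.get(username, self.default_mode)
        # An unbound (empty) set accepts every login type, as the text states.
        if mode.login_types and login_type not in mode.login_types:
            return None
        return mode.template

def unrestricted_modes(device: Device) -> list:
    """Audit helper: modes that accept any login type because none is bound."""
    names = [n for n, m in device.user_modes.items() if not m.login_types]
    if not device.default_mode.login_types:
        names.append("<default>")
    return sorted(names)

# Constructed sample configuration.
radius = AAAPolicy("radius", "grp-radius-1", "primary-backup")
local = AAAPolicy("local", "local", "none")
tmpl_remote = AAATemplate(radius, authorization=radius, accounting=radius)
tmpl_local = AAATemplate(local)
device = Device(
    default_mode=UserMode(tmpl_remote, frozenset({"ssh", "web"})),
    user_modes={"admin": UserMode(tmpl_local, frozenset({"console", "ssh"})),
                "ops": UserMode(tmpl_local)},
)
```

With this configuration, `device.resolve("admin", "telnet")` returns `None` because TELNET is not bound for that user, while a user name that is not configured locally is resolved through the default user pattern.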
The above are preferred embodiments of the present invention. It should be pointed out that those skilled in the art can make several improvements and modifications without departing from the principle of the present invention, and these improvements and modifications shall also be regarded as falling within the protection scope of the present invention.

Claims (14)

1. A template-based method for managing login users, characterized in that the method comprises:
configuring one or more AAA policies;
creating an AAA template and binding the AAA policy under the AAA template;
creating a user model of the login user; and
binding the AAA template under the user model.
2. The method of claim 1, characterized in that the AAA template includes one or more of: an AAA authentication template, an AAA authorization template and an AAA accounting template.
3. The method of claim 1, characterized in that the AAA policy includes at least: the AAA server type in an AAA server group and the AAA server switchover policy within the AAA server group.
4. The method of claim 1, characterized in that the method further comprises: binding the corresponding login type under the user model.
5. The method of claim 4, characterized in that the user model includes: a default user pattern and a user configuration mode.
6. The method of claim 5, characterized in that the login type is: a console login type, a TELNET login type, an SSH login type, an FTP login type or a WEB login type.
7. A user login method, characterized in that the method comprises:
obtaining the login information input by the login user and the login type;
determining, according to the login information input by the user, whether a corresponding user configuration mode is configured locally on the device; if so, obtaining the configured login type from the matched user configuration mode; otherwise, obtaining the configured login type from the default user pattern;
matching the login type of the login user against the configured login type and, if they match, obtaining the AAA template corresponding to the matched user configuration mode or the default user pattern according to the preset correspondence between user models and AAA templates;
initiating AAA authentication, or AAA authentication and AAA authorization, according to the AAA template obtained by the matching.
8. The method of claim 7, characterized in that if the login type of the login user does not match the login type corresponding to the user configuration mode, a login failure is prompted.
9. The method of claim 7, characterized in that the method further comprises:
configuring one or more AAA policies;
creating an AAA template and binding the AAA policy under the AAA template;
creating a user model of the login user;
binding the AAA template under the user model.
10. A template-based device for managing login users, characterized in that the device comprises:
a configuration module, configured to configure one or more AAA policies;
a first binding module, configured to create an AAA template and bind the AAA policy under the AAA template;
a creation module, configured to create a user model; and
a second binding module, configured to bind the AAA template under the user model.
11. The device of claim 10, characterized in that the device further comprises:
a third binding module, configured to bind the corresponding login type under the user model.
12. A user login device, characterized in that the device comprises:
a first acquisition module, configured to obtain the login information input by the login user and the login type;
a first matching module, configured to determine, according to the login information input by the user, whether a corresponding user configuration mode is configured locally on the device; if so, the configured login type is obtained from the matched user configuration mode; otherwise, the configured login type is obtained from the default user pattern;
a second matching module, configured to match the login type of the login user against the configured login type and, if they match, to obtain the AAA template corresponding to the matched user configuration mode or the default user pattern according to the preset correspondence between user models and AAA templates;
a processing module, configured to initiate AAA authentication, or AAA authentication and AAA authorization, according to the AAA template obtained by the matching.
13. The device of claim 12, characterized in that the device further comprises: a prompting module, configured to prompt a login failure if the login type of the login user does not match the login type corresponding to the user configuration mode.
14. The device of claim 12, characterized in that the device further comprises:
a configuration module, configured to configure one or more AAA policies;
a first binding module, configured to create an AAA template and bind the AAA policy under the AAA template;
a creation module, configured to create a user model;
a second binding module, configured to bind the AAA template under the user model.

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN201410687347.8A CN105704089A (en) 2014-11-25 2014-11-25 Template-based login user management method, user login method and device
PCT/CN2015/073660 WO2016082366A1 (en) 2014-11-25 2015-03-04 Template based logged in user management method, user login method and device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201410687347.8A CN105704089A (en) 2014-11-25 2014-11-25 Template-based login user management method, user login method and device

Publications (1)

Publication Number Publication Date
CN105704089A true CN105704089A (en) 2016-06-22

Family

ID=56073445

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201410687347.8A Pending CN105704089A (en) 2014-11-25 2014-11-25 Template-based login user management method, user login method and device

Country Status (2)

Country Link
CN (1) CN105704089A (en)
WO (1) WO2016082366A1 (en)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101026481A (en) * 2006-02-21 2007-08-29 华为技术有限公司 Integrated user safety management method and device
US20090077618A1 (en) * 2005-07-29 2009-03-19 Identity Engines, Inc. Segmented Network Identity Management
CN102938756A (en) * 2011-08-15 2013-02-20 中兴通讯股份有限公司 Selection method and device of policy servers
CN103119907A (en) * 2010-07-21 2013-05-22 思杰系统有限公司 Systems and methods for providing a smart group

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106685955A (en) * 2016-12-28 2017-05-17 武汉微创光电股份有限公司 Radius-based video monitoring platform security certification method
CN106685955B (en) * 2016-12-28 2020-08-25 武汉微创光电股份有限公司 Radius-based video monitoring platform security authentication method

Also Published As

Publication number Publication date
WO2016082366A1 (en) 2016-06-02

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
WD01 Invention patent application deemed withdrawn after publication

Application publication date: 20160622
