CN103795530A - Cross-domain controller authentication method, cross-domain controller authentication device and host - Google Patents


Publication number
CN103795530A
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201210427606.4A
Other languages
Chinese (zh)
Other versions
CN103795530B (en)
Inventor
吴剑
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Huawei Technologies Co Ltd
Original Assignee
Huawei Technologies Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Huawei Technologies Co Ltd
Priority to CN201210427606.4A (CN103795530B)
Priority to PCT/CN2013/075910 (WO2014067284A1)
Publication of CN103795530A
Application granted
Publication of CN103795530B

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/08: Network architectures or network communication protocols for network security for authentication of entities

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Mobile Radio Communication Systems (AREA)
  • Telephonic Communication Services (AREA)

Abstract

The embodiment of the invention discloses a cross-domain controller authentication method, a cross-domain controller authentication device and a host. The method is applied to a system including a plurality of domain controllers and a plurality of nodes. The method comprises the following steps: a first node acquires authentication information containing domain information of a target domain controller; the first node judges whether the authentication information conforms to the domain information of the domain controller that the node has joined; if it does not conform, a second domain controller that conforms to the authentication information carries out the authentication, and the authentication result is fed back to the first node through a second node, wherein the second node is a node that has joined the second domain controller. Because the authentication is carried out by the second domain controller that conforms to the authentication information, and the authentication result is fed back to the first node through the second node, the method and the device disclosed by the embodiment of the invention enable cross-domain controller authentication, and meet the requirement for a domain-controlled user to access shared resources on nodes of other domain controllers.

Description

A method, device and host for cross-domain controller authentication
Technical field
The present invention relates to the technical field of network authentication, and more particularly to a cross-domain controller authentication method, device and host.
Background
The management and operation of modern enterprises and institutions depend on computers and local area networks (LANs). When an enterprise uses the network for routine office management and operation, it produces a large amount of business data, such as routine office files and drawing files, as well as personal documents. For the data inside the whole enterprise or institution to be managed uniformly and used securely, there must be a storage device that is secure, cost-effective, convenient to use and simple to manage, to store and back up the enterprise's internal data. A NAS (Network Attached Storage) network storage server is such an ideal storage device. A NAS network storage server is a specially designed file storage and backup server; it can manage the data in the network reasonably, effectively and securely, and can also serve as a backup device to which the application data of databases and other applications are continuously and automatically backed up.
At present, the network file system sharing protocol widely used for NAS is CIFS (Common Internet File System). CIFS has two kinds of user permission authentication: local user authentication and domain controller user authentication. Local user authentication means that when a client user logs in, the user's permissions are authenticated entirely by the CIFS server itself, without going through a third-party authentication authority; it is a relatively simple authentication mode. To make user authentication more secure, the domain controller user authentication mode is used more often. Domain controller user authentication means that when a client user logs in, the user's permissions are authenticated by a third-party authentication authority; it is a more complex authentication mode.
As shown in Figure 1, the existing domain controller user authentication mode is as follows:
Each node on the cluster NAS joins a different domain controller, and each domain controller authenticates users for the nodes that have joined its domain, so that each node has independent permission control through its own domain controller.
The technical problems of this scheme are:
The configuration is complex: each node on the cluster NAS needs to join a different domain controller, which makes networking comparatively complicated.
A user on a given domain controller can only be authenticated by the domain controller that the currently logged-in node has joined; authentication cannot cross domain controllers, so the need of domain-controlled users to access shared resources on nodes of other domain controllers cannot be met.
Summary of the invention
In view of this, to solve the problem that a user on a domain controller cannot be authenticated across domain controllers, a first aspect of the application provides a cross-domain controller authentication method, applied to a system of multiple domain controllers and multiple nodes. The method comprises:
A first node obtains authentication information, the authentication information comprising domain information of a target domain controller;
The first node judges whether the authentication information conforms to the domain information of the domain controller that this node has joined; if it does not conform:
A second domain controller that conforms to the authentication information performs the authentication, and the authentication result is fed back to the first node through a second node;
Wherein the second node is a node that has joined the second domain controller.
With reference to the first aspect, in a first possible implementation of the first aspect,
the step in which the second domain controller that conforms to the authentication information performs the authentication, and the authentication result is fed back to the first node through the second node, comprises:
The first node forwards the authentication information to the second node; the second domain controller performs the authentication and feeds the authentication result back to the second node, and the second node feeds the authentication result back to the first node.
With reference to the first possible implementation of the first aspect, in a second possible implementation, forwarding the authentication information to the second node for authentication by the second domain controller that the second node has joined comprises:
Searching a preset control table for the domain information of the domain controller that corresponds to the domain information of the target domain controller, wherein the preset control table comprises: node information, and the domain information of the domain controller joined by the node to which the node information belongs;
Finding the matching node information in the preset control table according to the domain information of the domain controller obtained by the search, the matching node information being the second node information;
Forwarding the authentication information to the second node, the second domain controller that the second node has joined performing the authentication.
With reference to the first aspect, in the first possible implementation of the first aspect,
the step in which the second domain controller that conforms to the authentication information performs the authentication, and the authentication result is fed back to the first node through the second node, comprises:
Broadcasting the authentication information to all nodes in the cluster;
Each node in the cluster judges whether the domain information of the domain controller it has joined conforms to the authentication information; if so, that node is the second node, and the second node obtains the authentication result fed back by the domain controller it has joined and sends the result to the first node.
A second aspect of the invention provides a cross-domain controller authentication device, comprising a first node, a second node and a second domain controller:
The first node obtains authentication information, the authentication information comprising domain information of a target domain controller;
The first node judges whether the authentication information conforms to the domain information of the domain controller that this node has joined; if it does not conform:
The second domain controller that conforms to the authentication information performs the authentication, and the authentication result is fed back to the first node through the second node;
Wherein the second node is a node that has joined the second domain controller.
With reference to the second aspect, in a first possible implementation of the second aspect,
the first node comprises a forwarding unit and a feedback unit;
The forwarding unit forwards the authentication information to the second node; the second domain controller performs the authentication and feeds the authentication result back to the feedback unit, and the feedback unit feeds the authentication result back to the first node.
With reference to the first possible implementation of the second aspect, in a second possible implementation,
the forwarding unit comprises a first search module, a second search module and a sending module:
The first search module is configured to search a preset control table for the domain information of the domain controller that corresponds to the domain information of the target domain controller, and to pass the domain information of the domain controller obtained by the search to the second search module, wherein the preset control table comprises: node information, and the domain information of the domain controller joined by the node to which the node information belongs;
The second search module is configured to receive from the first search module the domain information of the domain controller obtained by the search, to find the matching node information in the preset control table according to that domain information, the matching node information being the second node information, and to pass the second node information to the sending module;
The sending module is configured to receive the second node information from the second search module and, according to the second node information, to forward the authentication information to the second node, the second domain controller that the second node has joined performing the authentication.
With reference to the second aspect, in the first possible implementation of the second aspect,
the first node comprises a broadcast unit;
The broadcast unit is configured to broadcast the authentication information to all nodes in the cluster;
Each node in the cluster judges whether the domain information of the domain controller it has joined conforms to the authentication information; if so, that node is the second node, and the second node obtains the authentication result fed back by the domain controller it has joined and sends the result to the first node.
A third aspect of the invention provides a host, the host comprising a processor, a communication interface, a memory and a bus;
Wherein the processor, the communication interface and the memory communicate with one another over the bus;
The communication interface is configured to obtain authentication information and to pass the authentication information to the processor;
The processor is configured to execute a program;
The memory is configured to store the program;
Wherein the program is used to:
Obtain authentication information, the authentication information comprising domain information of a target domain controller;
Judge whether the authentication information conforms to the domain information of the domain controller that this node has joined; if it does not conform:
A second domain controller that conforms to the authentication information performs the authentication, and the authentication result is fed back to the first node through a second node;
Wherein the second node is a node that has joined the second domain controller.
Because the authentication is performed by the second domain controller that conforms to the authentication information, and the authentication result is fed back to the first node through the second node, the embodiments of the application achieve cross-domain controller authentication and thereby meet the need of domain-controlled users to access shared resources on nodes of other domain controllers.
Brief description of the drawings
To describe the technical solutions of the embodiments of the application or of the prior art more clearly, the accompanying drawings needed for describing the embodiments or the prior art are briefly introduced below. The drawings described below show only some embodiments of the application; a person of ordinary skill in the art can derive other drawings from them without creative effort.
Fig. 1 is a schematic flowchart of the cross-domain controller authentication method according to an embodiment of the application;
Fig. 2 is a sequence diagram of the cross-domain controller authentication method according to an embodiment of the application;
Fig. 3 is a sequence diagram of the cross-domain controller authentication method according to an embodiment of the application;
Fig. 4 is a schematic diagram of the cross-domain controller authentication method according to an embodiment of the application;
Fig. 5 is a schematic structural diagram of the cross-domain controller authentication device according to an embodiment of the application;
Fig. 6 is a schematic structural diagram of the first node according to an embodiment of the application;
Fig. 7 is a schematic structural diagram of the host according to an embodiment of the application;
Fig. 8 is a schematic structural diagram of the program 732 according to an embodiment of the application.
Detailed description of the embodiments
The technical solutions in the embodiments of the application are described clearly and completely below with reference to the accompanying drawings. The described embodiments are only some, not all, of the embodiments of the application. All other embodiments obtained by a person of ordinary skill in the art based on the embodiments in the application without creative effort fall within the scope of protection of the application.
Referring to Fig. 1, which shows a schematic flowchart of one embodiment of the cross-domain controller authentication method of the application, the method comprises:
Step 110: The first node obtains authentication information.
The authentication information comprises domain information of the target domain controller.
Step 120: The first node judges whether the authentication information conforms to the domain information of the domain controller that this node has joined; if it does not conform, step 130 is performed.
The embodiment of the application discloses a cross-domain controller authentication method, applied to a system of multiple domain controllers and multiple nodes, in which each domain controller authenticates the nodes that have joined its domain. It should be noted that the first node does not refer to one particular node; it is any one of the nodes that have joined a certain domain controller. That domain controller is taken to be the first domain controller, and it likewise does not refer to one particular domain controller. The user logs in through the first node and enters the authentication information, which includes the domain information of the target domain controller. If the authentication information entered by the user fully conforms to the information of the first domain controller, the first domain controller performs the authentication; otherwise step 130 is performed. The authentication information comprises the domain information of the target domain controller, a user name and a password, and the domain information comprises at least a domain IP address and a domain name.
Step 130: The second domain controller that conforms to the authentication information performs the authentication, and the authentication result is fed back to the first node through the second node.
Wherein the second node is a node that has joined the second domain controller.
Because the authentication is performed by the second domain controller that conforms to the authentication information, and the authentication result is fed back to the first node through the second node, the embodiments of the application achieve cross-domain controller authentication and thereby meet the need of domain-controlled users to access shared resources on nodes of other domain controllers.
Referring to Fig. 2, the embodiment of the application discloses a cross-domain controller authentication method applied to clustered network attached storage (NAS). The cluster NAS comprises multiple domain controllers and multiple nodes, and each domain controller authenticates the nodes that have joined its domain. The embodiment is described taking one node in the cluster NAS as an example:
Step 210: The first node obtains authentication information.
The authentication information comprises domain information of the target domain controller. The user enters the authentication information through the first node in the cluster NAS, requesting to log in and access the resources on this node. The authentication information comprises the domain information of the target domain controller, a user name and a password, and the domain information of the target domain controller in turn comprises at least a domain IP address and a domain name.
Step 220: The first node judges whether the authentication information conforms to the domain information of the domain controller that this node has joined; if it does not conform, step 230 is performed:
Step 230: The first node forwards the authentication information to the second node; the second domain controller performs the authentication and feeds the authentication result back to the second node, and the second node then feeds the authentication result back to the first node.
Forwarding the authentication information from the first node to the second node, for authentication by the second domain controller that the second node has joined, may in turn comprise:
Searching a preset control table for the domain information of the domain controller that corresponds to the domain information of the target domain controller; finding the matching node information in the preset control table according to the domain information obtained by the search, the matching node information being the second node information; and forwarding the authentication information to the second node, the second domain controller that the second node has joined performing the authentication. The preset control table comprises: node information, and the domain information of the domain controller joined by the node to which the node information belongs. A control table can be set up in advance in the cluster NAS, and the node information of each node that has joined a domain controller, together with the domain information of the domain controller that node has joined, is synchronized to this control table. Every node in the cluster NAS can then use the domain information of a domain controller to find, in this control table, the node information of the node that has joined that domain controller, and can locate that node from the node information.
On the other hand, if in step 220 the first node judges that the authentication information conforms to the domain information of the domain controller that this node has joined, the domain controller that this node has joined performs the authentication. That domain controller contains a database made up of information such as the IP address and domain name of the domain and the user names and passwords of the computers belonging to the domain. When a computer connects to the network, the domain controller first determines whether the computer belongs to the domain, whether the domain name and user name in the authentication information entered by the user exist, and whether the password is correct. If any one of these items is incorrect, the domain controller refuses the user's login from that computer. A user who cannot log in cannot access the permission-protected resources on the server, which protects the resources on the network to a certain extent.
The process by which the domain controller performs authentication is described in detail below; please refer to Fig. 3.
Step 310: The node sends a negotiate request to the CIFS (Common Internet File System) server.
Before a CIFS connection is set up, the node sends a negotiate request to the CIFS server, and the CIFS server, according to its own implementation, negotiates some important parameters for the communication between the two sides.
Step 320: The CIFS server generates a random number as a random password and sends the random password to the node.
Step 330: Using the random password generated by the CIFS server together with the received user name and password, the node computes an authentication message by means of an algorithm. The authentication message contains an NTLM (New Technology LAN Manager) first response. The node sends the authentication message to the CIFS server.
Step 340: The CIFS server sends the user name, the random password and the first response to the domain controller and requests the domain controller to perform the authentication.
Step 350: Using the random password, the user name and the user's true password held on the domain controller, the domain controller computes a second response by the same step as step 330 and compares it with the first response sent by the CIFS server. If they are identical, the authentication passes; if they differ, the authentication fails. The domain controller returns the authentication result to the CIFS server.
Here, "the same step as step 330" means that the calculation uses the user name, the random password and the user's true password on the domain.
Step 360: The CIFS server finally returns the authentication result to the node.
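The exchange in steps 310 to 360, sketched as an added Python example that is not part of the patent. The patent does not specify the response algorithm, so HMAC-SHA256 keyed by a hash of the password is used here as a stand-in and is not the NTLM computation; all class and function names and the sample account are constructed for illustration.

```python
# Added illustration; names are hypothetical. HMAC-SHA256 is a stand-in for the
# unspecified response algorithm and is NOT the real NTLM computation.
import hashlib
import hmac
import secrets


def compute_response(username, password, challenge):
    """Steps 330/350: derive a response from user name, password and random password."""
    key = hashlib.sha256(password.encode()).digest()
    message = username.encode() + b"\x00" + challenge
    return hmac.new(key, message, hashlib.sha256).digest()


class DomainController:
    def __init__(self, users):
        self._users = users  # constructed sample accounts: user name -> true password

    def verify(self, username, challenge, first_response):
        """Step 350: recompute the response from the true password and compare."""
        true_password = self._users.get(username)
        if true_password is None:
            return False
        second_response = compute_response(username, true_password, challenge)
        # Constant-time comparison avoids leaking how many bytes matched.
        return hmac.compare_digest(first_response, second_response)


class CifsServer:
    def __init__(self, dc):
        self._dc = dc
        self._pending = {}  # session id -> random password issued in step 320

    def negotiate(self):
        """Steps 310-320: answer the negotiate request with a fresh random password."""
        session_id = secrets.token_hex(8)
        challenge = secrets.token_bytes(8)
        self._pending[session_id] = challenge
        return session_id, challenge

    def authenticate(self, session_id, username, first_response):
        """Steps 340 and 360: relay to the domain controller, return its verdict."""
        challenge = self._pending.pop(session_id, None)  # each challenge is single use
        if challenge is None:
            return False
        return self._dc.verify(username, challenge, first_response)


def node_login(server, username, password):
    """Node side of steps 310 and 330; the password itself is never sent."""
    session_id, challenge = server.negotiate()
    first_response = compute_response(username, password, challenge)
    return server.authenticate(session_id, username, first_response)


def replay_is_rejected(server, username, password):
    """A response captured in one session must not verify in any later attempt."""
    sid1, challenge1 = server.negotiate()
    captured = compute_response(username, password, challenge1)
    accepted_once = server.authenticate(sid1, username, captured)
    sid2, _ = server.negotiate()
    replay_new_session = server.authenticate(sid2, username, captured)
    replay_same_session = server.authenticate(sid1, username, captured)
    return accepted_once and not replay_new_session and not replay_same_session


def build_sample_server():
    # Constructed sample account.
    return CifsServer(DomainController({"bob": "bob-secret"}))


if __name__ == "__main__":
    srv = build_sample_server()
    print(node_login(srv, "bob", "bob-secret"), node_login(srv, "bob", "guess"))
    print(replay_is_rejected(srv, "bob", "bob-secret"))
```

Because the response depends on the per-session random password, a captured first response is only valid for the session that issued it.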
The embodiment of the application performs shared access on the cluster NAS through the CIFS protocol, so that users under different domain controllers can, through each node of the cluster, read and write shared files on different nodes. For example, the permissions of different departments of a company are controlled by different domain controllers, yet the different departments have access rights to the same share; the embodiment of the application can be used for permission authentication in this case, and there is no need to solve the technical problem of one node joining multiple domains. This matters because the CIFS server mainly adopted by NAS vendors is samba, which currently cannot have one node join different domain controllers; in addition, no version of Windows can currently join multiple domain controllers either.
Referring to Fig. 4, the step in which the second domain controller that conforms to the authentication information performs the authentication, and the authentication result is fed back to the first node through the second node, may further comprise:
Broadcasting the authentication information to all nodes in the cluster;
Each node in the cluster judges whether the domain information of the domain controller it has joined conforms to the authentication information; if so, that node is the second node, and the second node obtains the authentication result fed back by the domain controller it has joined and sends the result to the first node.
As can be seen from the above embodiment, even if the domain controller that the first node has joined goes down, authentication can still be performed through the domain controller that another node has joined, so that resources on the first node can be accessed; this also reduces the risk that a domain controller outage makes login and access impossible.
It should be noted that a backup domain controller can also be set up for the domain controller of each node, further reducing the risk that a domain controller outage makes login and access impossible.
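The two ways of locating the second node described above, the preset control table of step 230 and the cluster broadcast of Fig. 4, modelled together in an added Python example that is not part of the patent. Class names, node names, domains, addresses and accounts are constructed for illustration, and the domain controller's credential check is reduced to a password comparison.

```python
# Added illustration; every class and function name here is hypothetical.
import hmac
from dataclasses import dataclass


@dataclass(frozen=True)
class DomainInfo:
    name: str  # domain name
    ip: str    # domain IP address


@dataclass(frozen=True)
class AuthInfo:
    domain: DomainInfo  # domain information of the target domain controller
    username: str
    password: str


class DomainController:
    def __init__(self, info, users):
        self.info = info
        self._users = users  # constructed sample accounts: user name -> password

    def authenticate(self, auth):
        expected = self._users.get(auth.username)
        if expected is None:
            return False
        return hmac.compare_digest(expected.encode(), auth.password.encode())


class Node:
    def __init__(self, name, dc):
        self.name = name
        self.dc = dc  # the single domain controller this node has joined

    def conforms(self, auth):
        # Domain name and domain IP address must both match.
        return auth.domain == self.dc.info


class Cluster:
    def __init__(self, nodes):
        self.nodes = {n.name: n for n in nodes}
        # Preset control table: node information -> domain information of the
        # domain controller that node has joined.
        self.control_table = {n.name: n.dc.info for n in nodes}

    def _second_node_from_table(self, auth):
        for node_name, info in self.control_table.items():
            if info == auth.domain:
                return self.nodes[node_name]
        return None

    def _second_node_from_broadcast(self, first, auth):
        # Every other node checks the broadcast request against its own domain.
        for node in self.nodes.values():
            if node is not first and node.conforms(auth):
                return node
        return None

    def login(self, first_name, auth, broadcast=False):
        """Return (authenticated, path); path lists the nodes the request visited."""
        first = self.nodes[first_name]
        if first.conforms(auth):  # step 220: same domain, authenticate locally
            return first.dc.authenticate(auth), [first.name]
        second = (self._second_node_from_broadcast(first, auth) if broadcast
                  else self._second_node_from_table(auth))
        if second is None:  # no joined domain controller matches: fail closed
            return False, [first.name]
        result = second.dc.authenticate(auth)  # step 230
        return result, [first.name, second.name, first.name]


def build_sample_cluster():
    # Constructed sample data (documentation domains and addresses).
    dom_a = DomainInfo("corp-a.example", "192.0.2.10")
    dom_b = DomainInfo("corp-b.example", "192.0.2.20")
    dc_a = DomainController(dom_a, {"alice": "alice-secret"})
    dc_b = DomainController(dom_b, {"bob": "bob-secret"})
    return Cluster([Node("node1", dc_a), Node("node2", dc_b)]), dom_a, dom_b


if __name__ == "__main__":
    cluster, dom_a, dom_b = build_sample_cluster()
    print(cluster.login("node1", AuthInfo(dom_b, "bob", "bob-secret")))
    print(cluster.login("node1", AuthInfo(dom_b, "bob", "wrong")))
    spoofed = DomainInfo("corp-b.example", "198.51.100.9")
    print(cluster.login("node1", AuthInfo(spoofed, "bob", "bob-secret")))
```

A request whose domain name matches a known domain but whose domain IP address does not is treated as conforming to no domain controller and is rejected at the first node without being forwarded.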
Referring to Fig. 5, corresponding to the above method embodiment, the embodiment of the application also discloses a cross-domain controller authentication device, comprising a first node 510, a second node 520 and a second domain controller 530:
The first node 510 obtains authentication information, the authentication information comprising domain information of the target domain controller;
The first node 510 judges whether the authentication information conforms to the domain information of the domain controller that this node has joined; if it does not conform:
The second domain controller 530 that conforms to the authentication information performs the authentication, and the authentication result is fed back to the first node 510 through the second node 520;
Wherein the second node 520 is a node that has joined the second domain controller 530.
Further, referring to Fig. 6, the first node 510 comprises a forwarding unit 511 and a feedback unit 512;
The forwarding unit 511 forwards the authentication information to the second node 520; the second domain controller 530 performs the authentication and feeds the authentication result back to the feedback unit 512, and the feedback unit 512 feeds the authentication result back to the first node 510.
Further, the forwarding unit 511 comprises a first search module, a second search module and a sending module:
The first search module is configured to search a preset control table for the domain information of the domain controller that corresponds to the domain information of the target domain controller, and to pass the domain information of the domain controller obtained by the search to the second search module, wherein the preset control table comprises: node information, and the domain information of the domain controller joined by the node to which the node information belongs;
The second search module is configured to receive from the first search module the domain information of the domain controller obtained by the search, to find the matching node information in the preset control table according to that domain information, the matching node information being the second node information, and to pass the second node information to the sending module;
The sending module is configured to receive the second node information from the second search module and, according to the second node information, to forward the authentication information to the second node, the second domain controller that the second node has joined performing the authentication.
In other embodiments of the invention:
The first node may comprise a broadcast unit;
The broadcast unit is configured to broadcast the authentication information to all nodes in the cluster;
Each node in the cluster judges whether the domain information of the domain controller it has joined conforms to the authentication information; if so, that node is the second node, and the second node obtains the authentication result fed back by the domain controller it has joined and sends the result to the first node.
Because the authentication is performed by the second domain controller that conforms to the authentication information, and the authentication result is fed back to the first node through the second node, the embodiments of the application achieve cross-domain controller authentication and thereby meet the need of domain-controlled users to access shared resources on nodes of other domain controllers.
Referring to Fig. 7, an embodiment of the present invention provides a schematic diagram of a host 700. The host 700 may be a host server with computing capability, a personal computer (PC), a portable computer, a terminal, or the like; the specific embodiments of the present invention do not limit the specific implementation of the host. The host 700 comprises:
A processor 710, a communications interface 720, a memory 730, and a bus 740.
The processor 710, the communications interface 720, and the memory 730 communicate with one another over the bus 740.
The communications interface 720 is configured to obtain authentication information and pass the authentication information to the processor 710;
The processor 710 is configured to execute a program 732.
Specifically, the program 732 may comprise program code, and the program code comprises computer operation instructions.
The processor 710 may be a central processing unit (CPU), an application-specific integrated circuit (ASIC), or one or more integrated circuits configured to implement the embodiments of the present invention.
The memory 730 is configured to store the program 732. The memory 730 may comprise high-speed RAM and may also comprise non-volatile memory, for example at least one disk memory.
The program 732 may specifically be used to:
Obtain authentication information, where the authentication information comprises the domain information of the target domain controller;
Determine whether the authentication information matches the domain information of the domain controller that this node has joined, and if it does not match:
The second domain controller, which matches the authentication information, performs the authentication, and the authentication result is returned to the first node by the second node;
Where the second node is a node that has joined the second domain controller.
As shown in Fig. 8, the program 732 may comprise:
A first node 510, a second node 520, and a second domain controller 530:
The first node 510 obtains authentication information, where the authentication information comprises the domain information of the target domain controller;
The first node 510 determines whether the authentication information matches the domain information of the domain controller that this node has joined, and if it does not match:
The second domain controller 530, which matches the authentication information, performs the authentication, and the authentication result is returned to the first node 510 by the second node 520;
Where the second node 520 is a node that has joined the second domain controller 530.
For the specific implementation of each node and of the domain controller in the program 732, refer to the corresponding units in the foregoing embodiments; the details are not repeated here.
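The routing decision that program 732 makes can be sketched as follows; this is an added example, not code from the patent. The class names, the sample domains and users, and the choice to try the control-table lookup first and fall back to broadcast are assumptions of the sketch (the patent presents the two as alternative methods).

```python
import hmac
from dataclasses import dataclass, field


@dataclass
class DomainController:
    """Stand-in for a domain controller with its own user database."""
    domain: str
    users: dict  # username -> password; constructed sample data only

    def authenticate(self, user, password):
        stored = self.users.get(user)
        return stored is not None and hmac.compare_digest(stored, password)


@dataclass
class Node:
    name: str
    dc: DomainController                                # controller this node has joined
    control_table: dict = field(default_factory=dict)   # node name -> joined domain
    cluster: dict = field(default_factory=dict)         # node name -> Node

    def matches(self, target_domain):
        return self.dc.domain.lower() == target_domain.lower()

    def handle_forwarded(self, user, password, target_domain):
        """Second-node role: answer only for the domain this node has joined."""
        if not self.matches(target_domain):
            return None
        return self.dc.authenticate(user, password)

    def login(self, user, password, target_domain):
        """First-node role; returns (authenticated, route taken)."""
        if self.matches(target_domain):
            return self.dc.authenticate(user, password), "local"
        # Control-table method: node info -> domain of the controller it joined.
        for node_name, domain in self.control_table.items():
            peer = self.cluster.get(node_name)
            if peer is not None and domain.lower() == target_domain.lower():
                result = peer.handle_forwarded(user, password, target_domain)
                if result is not None:
                    return result, "forwarded:" + node_name
        # Broadcast method: every other node checks its own joined domain.
        for node_name, peer in self.cluster.items():
            if peer is self:
                continue
            result = peer.handle_forwarded(user, password, target_domain)
            if result is not None:
                return result, "broadcast:" + node_name
        return False, "no-matching-node"   # fail closed when no node has joined that domain


def build_cluster():
    """Constructed three-node cluster; node3 is absent from node1's control table."""
    controllers = {
        "node1": DomainController("corp-a.example", {"alice": "pw-a"}),
        "node2": DomainController("corp-b.example", {"bob": "pw-b"}),
        "node3": DomainController("corp-c.example", {"carol": "pw-c"}),
    }
    nodes = {name: Node(name, dc) for name, dc in controllers.items()}
    for node in nodes.values():
        node.cluster = nodes
    nodes["node1"].control_table = {"node1": "corp-a.example", "node2": "corp-b.example"}
    return nodes
```

In this flow both the credentials and the verdict cross the inter-node link, and the first node accepts the relayed result as given. The sketch therefore assumes that link is mutually authenticated and encrypted, which this part of the patent text does not specify.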
A person skilled in the art will clearly understand that, for convenience and brevity of description, the specific working processes of the devices, apparatuses and units described above may be found in the corresponding processes of the foregoing method embodiments and are not repeated here.
In the several embodiments provided in this application, it should be understood that the disclosed devices, apparatuses and methods may be implemented in other ways. For example, the device embodiments described above are merely illustrative: the division into units is only a division by logical function, and other divisions are possible in an actual implementation; for example, multiple units or components may be combined or integrated into another device, or some features may be omitted or not performed. In addition, the couplings, direct couplings or communication connections shown or discussed may be made through communication interfaces, and the indirect couplings or communication connections between devices or units may be electrical, mechanical or of another form.
The units described as separate components may or may not be physically separate, and the components shown as units may or may not be physical units; they may be located in one place or distributed over multiple network elements. Some or all of the units may be selected according to actual needs to achieve the purpose of the solution of this embodiment.
In addition, the functional units in the embodiments of the present invention may be integrated into one processing unit, each unit may exist separately as a physical unit, or two or more units may be integrated into one unit.
If the functions are implemented in the form of software functional units and sold or used as independent products, they may be stored in a computer-readable storage medium. Based on this understanding, the technical solution of the present invention in essence, or the part that contributes to the prior art, or a part of the technical solution, may be embodied in the form of a software product. The computer software product is stored in a storage medium and comprises a number of instructions that cause a computer device (which may be a personal computer, a server, a network device, or the like) to perform all or some of the steps of the methods described in the embodiments of the present invention. The aforementioned storage medium includes any medium that can store program code, such as a USB flash drive, a portable hard drive, read-only memory (ROM), random access memory (RAM), a magnetic disk, or an optical disc.
The above is only a specific embodiment of the present invention, but the scope of protection of the present invention is not limited to it. Any change or replacement that a person skilled in the art could readily conceive within the technical scope disclosed by the present invention shall fall within the scope of protection of the present invention. Therefore, the scope of protection of the present invention shall be determined by the scope of protection of the claims.

Claims (9)

1. An authentication method for cross-domain controllers, applied to a system of multiple domain controllers and multiple nodes, characterized in that the method comprises:
A first node obtains authentication information, where the authentication information comprises the domain information of the target domain controller;
The first node determines whether the authentication information matches the domain information of the domain controller that this node has joined, and if it does not match:
The second domain controller, which matches the authentication information, performs the authentication, and the authentication result is returned to the first node by a second node;
Where the second node is a node that has joined the second domain controller.
2. The method according to claim 1, characterized in that the step in which the second domain controller, which matches the authentication information, performs the authentication and the authentication result is returned to the first node by the second node comprises:
The first node forwards the authentication information to the second node, the second domain controller performs the authentication, the second domain controller returns the authentication result to the second node, and the second node returns the authentication result to the first node.
3. The method according to claim 2, characterized in that forwarding the authentication information to the second node, with the authentication performed by the second domain controller that the second node has joined, comprises:
Looking up, in a preset control table, the domain information of the domain controller corresponding to the domain information of the target domain controller, where the preset control table comprises: node information, and the domain information of the domain controller joined by the node identified by the node information;
Finding, in the preset control table, the matching node information according to the domain information of the domain controller obtained by the lookup, where the matching node information is the second node information;
Forwarding the authentication information to the second node, with the authentication performed by the second domain controller that the second node has joined.
4. The method according to claim 1, characterized in that the step in which the second domain controller, which matches the authentication information, performs the authentication and the authentication result is returned to the first node by the second node comprises:
Broadcasting the authentication information to all nodes in the cluster;
Every node in the cluster determines whether the domain information of the domain controller it has joined matches the authentication information; if it does, that node is the second node, and the second node obtains the authentication result returned by the domain controller it has joined and sends that result to the first node.
5. An authentication device for cross-domain controllers, characterized in that the device comprises a first node, a second node and a second domain controller:
The first node obtains authentication information, where the authentication information comprises the domain information of the target domain controller;
The first node determines whether the authentication information matches the domain information of the domain controller that this node has joined, and if it does not match:
The second domain controller, which matches the authentication information, performs the authentication, and the authentication result is returned to the first node by the second node;
Where the second node is a node that has joined the second domain controller.
6. The device according to claim 5, characterized in that
The first node comprises a forwarding unit and a feedback unit;
The forwarding unit forwards the authentication information to the second node, the second domain controller performs the authentication, the second domain controller returns the authentication result to the feedback unit, and the feedback unit returns the authentication result to the first node.
7. The device according to claim 6, characterized in that
The forwarding unit comprises a first lookup module, a second lookup module and a sending module:
The first lookup module is configured to look up, in a preset control table, the domain information of the domain controller corresponding to the domain information of the target domain controller, and to pass the domain information of the domain controller obtained by the lookup to the second lookup module, where the preset control table comprises: node information, and the domain information of the domain controller joined by the node identified by the node information;
The second lookup module is configured to receive from the first lookup module the domain information of the domain controller obtained by the lookup, to find the matching node information in the preset control table according to that domain information, where the matching node information is the second node information, and to pass the second node information to the sending module;
The sending module is configured to receive the second node information from the second lookup module and, according to the second node information, forward the authentication information to the second node, with the authentication performed by the second domain controller that the second node has joined.
8. The device according to claim 5, characterized in that
The first node comprises a broadcast unit;
The broadcast unit is configured to broadcast the authentication information to all nodes in the cluster;
Every node in the cluster determines whether the domain information of the domain controller it has joined matches the authentication information; if it does, that node is the second node, and the second node obtains the authentication result returned by the domain controller it has joined and sends that result to the first node.
9. A host, characterized in that the host comprises a processor, a communications interface, a memory and a bus;
Where the processor, the communications interface and the memory communicate with one another over the bus;
The communications interface is configured to obtain authentication information and pass the authentication information to the processor;
The processor is configured to execute a program;
The memory is configured to store the program;
Where the program is used to:
Obtain authentication information, where the authentication information comprises the domain information of the target domain controller;
Determine whether the authentication information matches the domain information of the domain controller that this node has joined, and if it does not match:
The second domain controller, which matches the authentication information, performs the authentication, and the authentication result is returned to the first node by the second node;
Where the second node is a node that has joined the second domain controller.
CN201210427606.4A 2012-10-31 2012-10-31 Cross-domain controller authentication method, device and host Active CN103795530B (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN201210427606.4A CN103795530B (en) 2012-10-31 2012-10-31 A kind of method, device and the main frame of cross-domain controller certification
PCT/CN2013/075910 WO2014067284A1 (en) 2012-10-31 2013-05-20 Cross-domain controller authentication method, apparatus, and host

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201210427606.4A CN103795530B (en) 2012-10-31 2012-10-31 A kind of method, device and the main frame of cross-domain controller certification

Publications (2)

Publication Number Publication Date
CN103795530A true CN103795530A (en) 2014-05-14
CN103795530B CN103795530B (en) 2017-11-03

Family

ID=50626405

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201210427606.4A Active CN103795530B (en) 2012-10-31 2012-10-31 Cross-domain controller authentication method, device and host

Country Status (2)

Country Link
CN (1) CN103795530B (en)
WO (1) WO2014067284A1 (en)

Cited By (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104754047A (en) * 2015-03-26 2015-07-01 浪潮集团有限公司 Method for performing cross-platform unified management on users of cluster storage system
CN105099710A (en) * 2015-08-28 2015-11-25 中国航天科工集团第二研究院七〇六所 Cross-domain access control method for trusted radio frequency identification network
WO2016065925A1 (en) * 2014-10-29 2016-05-06 中兴通讯股份有限公司 Controller replacing method and device
CN105657026A (en) * 2016-01-27 2016-06-08 浪潮电子信息产业股份有限公司 Method for realizing cross-domain working of NAS (Network Attached Storage) server
CN105933125A (en) * 2016-07-07 2016-09-07 北京邮电大学 Method and device for southing security authentication in software-defined networking
WO2018219351A1 (en) * 2017-06-02 2018-12-06 华为技术有限公司 Authentication method, device and system
WO2021115449A1 (en) * 2019-12-13 2021-06-17 中兴通讯股份有限公司 Cross-domain access system, method and device, storage medium, and electronic device

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9866468B2 (en) * 2015-03-31 2018-01-09 Verizon Patent And Licensing Inc. Discovery and admission control of forwarding boxes in a software-defined network

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20060179307A1 (en) * 2005-02-04 2006-08-10 Cisco Technology, Inc. Method and system for inter-subnet pre-authentication
CN101399671A (en) * 2008-11-18 2009-04-01 中国科学院软件研究所 Cross-domain authentication method and system thereof
CN101453476A (en) * 2009-01-06 2009-06-10 中国人民解放军信息工程大学 Cross domain authentication method and system
CN101471777A (en) * 2007-12-29 2009-07-01 中国科学院计算技术研究所 Access control system and method between domains based on domain name
CN101668292A (en) * 2009-10-23 2010-03-10 中国电信股份有限公司 WAPI roaming access authentication method, system and access site (AS) server thereof

Cited By (12)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2016065925A1 (en) * 2014-10-29 2016-05-06 中兴通讯股份有限公司 Controller replacing method and device
CN105634765A (en) * 2014-10-29 2016-06-01 中兴通讯股份有限公司 Controller replacement method and controller replacement device
CN104754047A (en) * 2015-03-26 2015-07-01 浪潮集团有限公司 Method for performing cross-platform unified management on users of cluster storage system
CN105099710A (en) * 2015-08-28 2015-11-25 中国航天科工集团第二研究院七〇六所 Cross-domain access control method for trusted radio frequency identification network
CN105657026A (en) * 2016-01-27 2016-06-08 浪潮电子信息产业股份有限公司 Method for realizing cross-domain working of NAS (Network Attached Storage) server
CN105933125A (en) * 2016-07-07 2016-09-07 北京邮电大学 Method and device for southing security authentication in software-defined networking
CN105933125B (en) * 2016-07-07 2019-08-09 北京邮电大学 South orientation safety certifying method and device in a kind of software defined network
WO2018219351A1 (en) * 2017-06-02 2018-12-06 华为技术有限公司 Authentication method, device and system
CN108989270A (en) * 2017-06-02 2018-12-11 华为技术有限公司 Authentication method, equipment and system
WO2021115449A1 (en) * 2019-12-13 2021-06-17 中兴通讯股份有限公司 Cross-domain access system, method and device, storage medium, and electronic device
CN112995097A (en) * 2019-12-13 2021-06-18 中兴通讯股份有限公司 Cross-domain access system, method and device
CN112995097B (en) * 2019-12-13 2023-09-22 中兴通讯股份有限公司 Cross-domain access system, method and device

Also Published As

Publication number Publication date
CN103795530B (en) 2017-11-03
WO2014067284A1 (en) 2014-05-08

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant