CN106375323A - Kerberos identity authentication method in multi-tenant mode - Google Patents
- Publication number
- CN106375323A (application CN201610812123.4A)
- Authority
- CN
- China
- Prior art keywords
- cluster
- tenant
- service
- hbase
- certification
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/10—Protocols in which an application is distributed across nodes in the network
- H04L67/1097—Protocols in which an application is distributed across nodes in the network for distributed storage of data in networks, e.g. transport arrangements for network file system [NFS], storage area networks [SAN] or network attached storage [NAS]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0807—Network architectures or network communication protocols for network security for authentication of entities using tickets, e.g. Kerberos
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computer Security & Cryptography (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Management, Administration, Business Operations System, And Electronic Commerce (AREA)
Abstract
The invention provides a Kerberos identity authentication method in multi-tenant mode, belonging to the field of big data security. Before executing a task, the user first authenticates to the authentication server and obtains a TGT; using the TGT, the user requests from the ticket granting server a service ticket for the service to be accessed, and the KDC generates a session key and sends it to the client; the client then authenticates itself to the service with the service ticket, completing identity authentication. Using tickets, the user performs secure data operations with server-side Hadoop big data cluster components such as HDFS, Hive, HBase and Spark.
Description
Technical field
The present invention relates to the field of big data security, and more particularly to a Kerberos identity authentication method in multi-tenant mode.
Background
With the rapid development of cloud computing and the spread of computer applications, massive amounts of data have moved to the cloud. In particular, as terminal devices become smarter and more widespread, more and more personal information is also stored in the cloud. Security problems in storing and computing on this data follow, raising the question of how to keep the data safe. By default a Hadoop cluster has no security authentication: all nodes are assumed to be reliable and trusted. Users need no security verification when storing data in HDFS or running tasks through the MapReduce engine. Most cloud data is stored in the HDFS of a Hadoop cluster, and computation is carried out by the MapReduce engine, the Spark engine and so on; inevitably, someone can masquerade as a real user or server to intrude into the Hadoop cluster, tamper with HDFS data or maliciously submit jobs, change JobTracker state, or pose as a TaskTracker or NameNode to accept tasks. Securing Hadoop clusters in the cloud has therefore become a focus of attention.
Kerberos is a three-party security authentication protocol for identity authentication on computer networks, designed and developed by MIT and written into an RFC standard. Its design goal is to provide strong authentication for client/server applications through a key system. Its distinguishing feature is that the user only needs to enter authentication information and can then access multiple services by means of tickets, with a shared key established between each client and service, which gives the protocol a high level of security. Kerberos can solve the Hadoop security authentication problem and is an enterprise-grade open-source solution covering user-to-server and server-to-server authentication.
The present invention extends Kerberos to address identity authentication for multiple tenants using a Hadoop big data cluster on a cloud platform, and the integrity and confidentiality of data in Hadoop big data storage and computing. Because Kerberos authentication has many drawbacks, an enterprise-grade solution for multi-tenant identity authentication based on the Kerberos protocol on a cloud platform is proposed.
Summary of the invention
To solve the above technical problems, the present invention proposes a Kerberos identity authentication method in multi-tenant mode. Using tickets, the user performs secure data operations with server-side Hadoop big data cluster components such as HDFS, Hive, HBase and Spark. The invention supports both exclusive and shared Hadoop cluster types on a cloud platform, and provides a mechanism by which tenants securely access the platform in either mode through Kerberos identity authentication.
A tenant generates a user ticket with a unique timestamp and uses it to access a shared cluster; through the big data component tickets, the tenant interacts with server-side Hadoop big data cluster components such as HDFS, Hive, HBase and Spark. This achieves isolation and sharing of tenant data, and provides a unified task resource scheduling and isolation mechanism among tenants.
The big data component tickets are hdfs.headless.keytab, hive.service.keytab, hbase.service.keytab, spark.headless.keytab and so on.
The underlying technology of the task resource scheduling and isolation mechanism is Hadoop YARN resource isolation; the front end provides a Portable Batch System web interface as the unified entry point to the Portable Batch System.
Before executing a task, the user first authenticates to the authentication server (AS) and obtains a TGT (ticket granting ticket); using the TGT, the user requests from the ticket granting server a service ticket for the service to be accessed, and the KDC, after generating a session key, issues it to the client along with the service ticket; the client authenticates itself to the service with the service ticket, completing identity authentication.
The specific steps are:
(1) When the cluster is deployed, the Kerberos authentication keys are placed on the trusted nodes in advance; while the cluster runs, nodes in the cluster authenticate using these keys; only authenticated nodes can be used normally;
(2) After a tenant applies for a big data cluster, the server generates, per cluster, a uniquely identified keytab file with a timestamp for each tenant; each component in the Hadoop cluster has its own keytab file;
(3) After obtaining the keytab files of the cluster's components, the tenant can use the big data services on the cloud platform by holding the keytab files; before operating on HDFS, Hive, HBase or Spark, authentication with the kinit command is required;
(4) Operate on the big data components;
(5) Steps (3) and (4) make it possible to operate the HDFS, HBase, Hive and Spark components in the cloud platform cluster, while providing different tenants of a shared cluster with logical data isolation and an inter-tenant data sharing mechanism.
Kerberos can solve the Hadoop security authentication problem in big data. Authentication is provided to trusted clients, and the web interface lets users download the relevant Kerberos credentials, so that a user ticket with a unique timestamp and trusted credentials can be obtained, reducing the probability that a client ticket is stolen or that an attempt to obtain the client's identity succeeds. With the user ticket, tenants can flexibly develop third-party applications offline, and rely on it for secure big data storage, reasonable task resource scheduling, flexible data access and so on with the cloud platform's Hadoop cluster.
Beneficial effects of the invention
With the present invention, tenants can apply for shared or exclusive clusters according to their business needs, and each tenant can apply for multiple big data service clusters on the cloud platform. For each of a tenant's clusters, the platform provides the tenant, based on the Kerberos protocol, with the authentication ticket information for accessing the cluster: the keytab files of the corresponding big data components, krb5.conf and so on.
The invention addresses enterprises' need to keep sensitive data exclusive while sharing public data in a Hadoop cluster. Different authentication information is distributed to tenants according to cluster type, and tenants can download the keytab files of the big data cluster components from a web page, which makes it convenient to cache the keytab files locally, develop and debug big data business programs locally, and develop third-party applications offline. The invention focuses on how to use a shared cluster in a multi-tenant environment while still guaranteeing isolation of each tenant's data resources.
Brief description of the drawings
Fig. 1 is a schematic diagram of the Kerberos authentication process.
Detailed description of the embodiments
The content of the invention is described in more detail below.
The implementation process is as follows:
Table 1 lists the technical terms used in the Kerberos authentication process:
Table 1
(1) When the cluster is deployed, the Kerberos authentication keys are placed on the trusted nodes in advance. While the cluster runs, nodes in the cluster authenticate using these keys. Only authenticated nodes can be used normally. A node attempting to impersonate a cluster member cannot communicate with the nodes inside the cluster, because it does not hold the key information distributed in advance.
(2) After a tenant applies for a big data cluster, the server generates, per cluster, a uniquely identified keytab file with a timestamp for each tenant; each component in the Hadoop cluster has its own keytab file, for example hbase_1465694161526.keytab.
(3) After obtaining the keytab files of the cluster's components, the tenant can use the big data services on the cloud platform by holding the keytab files. Before operating on HDFS, Hive, HBase or Spark, authentication with the kinit command is required, as follows:
1) kinit -k -t /etc/security/keytabs/hdfs.headless.keytab hdfs-clustername@idap.com
2) kinit -k -t /etc/security/keytabs/hive.service.keytab hive/hiveserver2hostname@idap.com
3) kinit -k -t /etc/security/keytabs/hbase.service.keytab hbase/hbasemasterserverhostname@idap.com
4) kinit -k -t /etc/security/keytabs/spark.headless.keytab spark-clustername@idap.com
Here idap.com is the domain name; clustername is the cluster name; hiveserver2hostname is the hostname of the machine running the Hive server; hbasemasterserverhostname is the hostname of the machine running the HBase master server.
(4) Operate on the big data components. Taking HBase as an example, an HBase connection must be obtained before operating on HBase. The main code for obtaining an HBase connection after the Kerberos component is installed on the cluster is as follows:
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.hbase.HBaseConfiguration;
import org.apache.hadoop.hbase.client.Connection;
import org.apache.hadoop.hbase.client.ConnectionFactory;
import org.apache.hadoop.security.UserGroupInformation;

Configuration conf = HBaseConfiguration.create();
// The Hadoop cluster security authentication mechanism is Kerberos
conf.set("hadoop.security.authentication", "kerberos");
// Whether Hadoop enables the security authorization mechanism
conf.set("hadoop.security.authorization", "true");
// The HBase cluster security authentication mechanism is Kerberos
conf.set("hbase.security.authentication", "kerberos");
// Whether HBase enables the security authorization mechanism
conf.set("hbase.security.authorization", "true");
// Kerberos principal name of the master (made of three parts: service or user name,
// instance name and domain name)
conf.set("hbase.master.kerberos.principal", "hbase/_HOST@idap.com");
// Kerberos principal name of the regionserver (made of three parts: service or user name,
// instance name and domain name)
conf.set("hbase.regionserver.kerberos.principal", "hbase/_HOST@idap.com");
// Hosts of the ZooKeeper cluster; separate multiple hosts with commas (,)
conf.set("hbase.zookeeper.quorum",
        "idap-agent-server.idap.com,idap-agent-216.idap.com,idap-server-210.idap.com");
// Setting from ZooKeeper's zoo.conf: the port that clients connect to
conf.set("hbase.zookeeper.property.clientPort", "2181");
// Root znode of HBase in ZooKeeper
conf.set("zookeeper.znode.parent", "/hbase-secure");
Connection connect = null;
if ("kerberos".equals(conf.get("hbase.security.authentication"))) {
    // Get the path of the Kerberos configuration file (krb5.conf)
    String krbStr = Thread.currentThread().getContextClassLoader()
            .getResource("krb5.conf").getFile();
    // Point the JVM at that configuration file
    System.setProperty("java.security.krb5.conf", krbStr);
    // Get the user ticket (replace with the file name of the keytab you applied for)
    String keyStr = Thread.currentThread().getContextClassLoader()
            .getResource("hbase.service.keytab").getFile();
    // Authenticate with the ticket and credentials (replace with the Kerberos
    // ticket information you applied for)
    UserGroupInformation.setConfiguration(conf);
    UserGroupInformation.loginUserFromKeytab(
            "hbase/idap-server-210.idap.com@idap.com", keyStr);
    connect = ConnectionFactory.createConnection(conf);
}
(5) Steps (3) and (4) make it possible to operate the HDFS, HBase, Hive, Spark and related components in the cloud platform cluster, while providing different tenants of a shared cluster with logical data isolation and an inter-tenant data sharing mechanism, ensuring the isolation, security and flexibility of different tenants' data. Tenant tasks can be scheduled with the Hadoop YARN mechanism, which supports scheduling and isolation of two kinds of resources, memory and CPU; tasks submitted by tenants can be scheduled on a timer with the Quartz framework, in chronological order, to maximize the use of cluster resources.
Claims (3)
1. A Kerberos identity authentication method in multi-tenant mode, characterized in that:
before executing a task, the user first authenticates to the authentication server and obtains a TGT; using the TGT, the user requests from the ticket granting server a service ticket for the service to be accessed, and the KDC, after generating a session key, issues it to the client along with the service ticket; the client authenticates itself to the service with the service ticket, completing identity authentication.
2. The method according to claim 1, characterized in that the specific steps are:
(1) When the cluster is deployed, the Kerberos authentication keys are placed on the trusted nodes in advance; while the cluster runs, nodes in the cluster authenticate using these keys; only authenticated nodes can be used normally;
(2) After a tenant applies for a big data cluster, the server generates, per cluster, a uniquely identified keytab file with a timestamp for each tenant; each component in the Hadoop cluster has its own keytab file;
(3) After obtaining the keytab files of the cluster's components, the tenant can use the big data services on the cloud platform by holding the keytab files; before operating on HDFS, Hive, HBase or Spark, authentication with the kinit command is required;
(4) Operate on the big data components;
(5) Steps (3) and (4) make it possible to operate the HDFS, HBase, Hive and Spark components in the cloud platform cluster, while providing different tenants of a shared cluster with logical data isolation and an inter-tenant data sharing mechanism.
3. The method according to claim 2, characterized in that, in step (3), before operating on HDFS, Hive, HBase or Spark, authentication with the kinit command is required.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201610812123.4A CN106375323A (en) | 2016-09-09 | 2016-09-09 | Kerberos identity authentication method in multi-tenant mode |
Publications (1)
Publication Number | Publication Date |
---|---|
CN106375323A (en) | 2017-02-01 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
RJ01 | Rejection of invention patent application after publication | Application publication date: 20170201 |