CN113704724A - Method for realizing database login authentication based on Kerberos mechanism - Google Patents


Publication number
CN113704724A
Authority
CN
China
Prior art keywords
authentication
client
server
user
kerberos
Legal status
Granted
Application number
CN202111279611.0A
Other languages
Chinese (zh)
Other versions
CN113704724B (en)
Inventor
赵伟
崔杰
姚铸
Current Assignee
Tianjin Nankai University General Data Technologies Co ltd
Original Assignee
Tianjin Nankai University General Data Technologies Co ltd

Classifications

    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00: Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30: Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31: User authentication
    • G06F21/45: Structures or tools for the administration of authentication
    • G06F21/46: Structures or tools for the administration of authentication by designing passwords or checking the strength of passwords
    • G06F21/60: Protecting data
    • G06F21/602: Providing cryptographic facilities or services
    • G06F21/604: Tools and structures for managing or administering access control systems
    • G06F2221/00: Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21: Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2141: Access rights, e.g. capability lists, access control lists, access tables, access matrices

Abstract

The invention provides a method for realizing database login authentication based on the Kerberos mechanism, comprising two stages: preparation authentication and dynamic authentication. In the preparation authentication stage, a plug-in is called and the connection between Kerberos and the database is established. In the dynamic authentication stage, the client sends a user name to the server; the server parses the user name information and determines whether it uses the Kerberos authentication mode, and if so, marks it and sends the related authentication data to the client; the client receives the authentication data and performs client identity verification; after the verification passes, the client sends the authentication principal information of the server to the KDC, and the KDC authenticates the identity validity of both the client and the server; the client acquires the authorized ticket credential through the ticket-granting service and then sends it to the server; the server decrypts the encrypted information to obtain the client information and compares it with the client authentication identifier, and if they are the same, the login succeeds. Kerberos authentication prevents the possibility of leakage of the login password and ensures the legitimacy of both the data requester and the data supplier.

Description

Method for realizing database login authentication based on Kerberos mechanism
Technical Field
The invention belongs to the field of database login access, and particularly relates to a method for realizing database login authentication based on a Kerberos mechanism.
Background
Database user login is an important safeguard for the security of relational database users, and how to make this process safer and more effective is a problem that database developers must consider. Although Kerberos is a relatively sophisticated authentication method, there is no existing application scenario that effectively combines Kerberos with database users. The present method effectively combines GBase8a MPP database user login with the Kerberos mechanism, enhancing the user security of GBase8a MPP products and improving user authentication performance.
Disclosure of Invention
In view of this, the present invention aims to provide a method for implementing database login authentication based on a Kerberos mechanism, so as to solve the problem that an effective authentication manner is lacking in database user login, and improve the database user authentication performance.
In order to achieve the purpose, the technical scheme of the invention is realized as follows:
A method for realizing database login authentication based on a Kerberos mechanism is disclosed, wherein the database comprises a server and a client, and the method specifically comprises the following steps:
S1, preparing authentication, specifically comprising the following steps:
S11, the database calls the ticket-granting service and the Kerberos authentication-mode plug-in, and a plug-in-behavior relation is established;
S12, a user-authentication mode relation table, recording the relation between each user and the client authentication identifier, is established in the server-side system table;
S13, the key distribution center (KDC) sets up user-password files corresponding to the server and the client of Kerberos respectively;
S14, the database server configures parameters, including the server authentication principal and the path where the user-password file is located, and the user-password file is stored on the client and the server at that path;
S2, dynamic authentication, comprising the following steps:
S21, the client initiates a login request and sends the user name to the server;
S22, the database server parses the user name information and determines the authentication mode corresponding to the user name according to the user-authentication mode relation table; if the user name has a corresponding authentication mode, the server marks the authentication mode and sends the related authentication data to the client; if the user name has no corresponding authentication mode, the server performs login authentication in the default database user name and password mode;
S23, the client receives the authentication data sent by the server and carries out client identity verification;
S24, after the client identity verification passes, the client sends the authentication principal information of the server to the key distribution center (KDC), and the KDC authenticates the identity validity of both the client and the server;
S25, the ticket-granting service center looks up, in its own database, the client authentication identifier and the authorized ticket credential corresponding to the server authentication principal; the authorized ticket credential, named cred, is the permission credential with which a client accesses the server;
S26, after receiving the client's authorized ticket credential, the server decrypts it to obtain the client information and compares the client information with the client authentication identifier taken from the system table; if they are the same, the login succeeds; otherwise, the login fails;
S27, the client sets up a cache for the authorized ticket credential cred, and within a certain time the server can be accessed through the cached cred without verification at login, wherein the certain time is the expiration time interval set in the configuration file of the server.
Further, in step S22, when the user name has a corresponding authentication mode, marking and sending the related authentication data to the client comprises the following steps:
setting a Kerberos authentication mark for the server authentication mode corresponding to the user name, issuing the Kerberos authentication mark to the client, and sending the authentication principal of the server to the client;
the related authentication data comprises the authentication principal of the server and the user name carrying the Kerberos authentication mark.
Further, in step S23, the method for performing client identity verification is as follows:
loading an authentication-mode file on the client according to the user name, and executing the authentication service function auth_func bound in the authentication-mode file;
the authentication service function auth_func provides a plurality of interfaces for verifying the identity of the client.
Further, in step S25, the authorized ticket credential cred is the only way to access the database server, and the cred includes the client authentication principal and the timestamp of the time at which the cred was obtained.
Further, in step S27, the elapsed time is obtained by subtracting the timestamp of the authorized ticket credential cred from the login time; if the elapsed time is smaller than the expiration time interval, login proceeds without verification; if it is larger than the expiration time interval, an expiration error is reported and the authorized ticket credential cred must be obtained again.
Further, in step S24, the specific method by which the key distribution center (KDC) authenticates the identity validity of both the client and the server is as follows:
the server authenticates its identity validity as follows: when the plug-in-behavior relation is established, the user identity verification instruction is executed, communicating with the authentication service to renew the lease and keep the user valid, and the user identity verification instruction is executed periodically according to the expiration time interval;
the client authenticates its identity validity as follows: the user identity verification instruction is executed manually on the client to verify the identity of the user;
the user identity verification instruction is a key-t/path/gcluster.keytab gcluster.gbase.cn, wherein the keytab is generated when the user-authentication mode relation table is established and copied to the server.
Compared with the prior art, the method for realizing the database login authentication based on the Kerberos mechanism has the following beneficial effects:
(1) The method for realizing database login authentication with the Kerberos mechanism deeply combines the Kerberos mechanism with the database login principle, ensures login safety, realizes verification-free login within a short period, and greatly improves performance.
(2) The server and the client of the invention set different lease renewal execution modes according to different use condition requirements, thereby improving the use safety of the database.
Drawings
The accompanying drawings, which are incorporated in and constitute a part of this specification, illustrate an embodiment of the invention and, together with the description, serve to explain the invention and not to limit the invention. In the drawings:
Fig. 1 is a schematic diagram of a method for implementing database login authentication based on a Kerberos mechanism according to an embodiment of the present invention.
Detailed Description
It should be noted that the embodiments and features of the embodiments may be combined with each other without conflict.
In the description of the present invention, it is to be understood that the terms "center", "longitudinal", "lateral", "up", "down", "front", "back", "left", "right", "vertical", "horizontal", "top", "bottom", "inner", "outer", and the like, indicate orientations or positional relationships based on those shown in the drawings, and are used only for convenience in describing the present invention and for simplicity in description, and do not indicate or imply that the referenced devices or elements must have a particular orientation, be constructed and operated in a particular orientation, and thus, are not to be construed as limiting the present invention. Furthermore, the terms "first", "second", etc. are used for descriptive purposes only and are not to be construed as indicating or implying relative importance or implicitly indicating the number of technical features indicated. Thus, a feature defined as "first," "second," etc. may explicitly or implicitly include one or more of that feature. In the description of the present invention, "a plurality" means two or more unless otherwise specified.
In the description of the present invention, it should be noted that, unless otherwise explicitly specified or limited, the terms "mounted," "connected," and "connected" are to be construed broadly, e.g., as meaning either a fixed connection, a removable connection, or an integral connection; can be mechanically or electrically connected; they may be connected directly or indirectly through intervening media, or they may be interconnected between two elements. The specific meaning of the above terms in the present invention can be understood by those of ordinary skill in the art through specific situations.
The present invention will be described in detail below with reference to the embodiments with reference to the attached drawings.
As shown in Fig. 1, a method for implementing database login authentication based on a Kerberos mechanism, where the database is a GBase8a MPP database and includes a server and a client, includes the following specific steps:
S1, preparing authentication, specifically comprising the following steps:
S11, the database calls the ticket-granting service and the Kerberos authentication-mode plug-in, and a plug-in-behavior relation is established;
S12, a user-authentication mode relation table, recording the relation between each user and the client authentication identifier, is established in the server-side system table;
S13, the key distribution center (KDC) sets up user-password files corresponding to the server and the client of Kerberos respectively;
S14, the database server configures parameters, including the server authentication principal and the path where the user-password file is located, and the user-password file is stored on the client and the server at that path;
S2, dynamic authentication, comprising the following steps:
S21, the client initiates a login request and sends the user name to the server;
S22, the database server parses the user name information and determines the authentication mode corresponding to the user name according to the user-authentication mode relation table; if the user name has a corresponding authentication mode, the server marks the authentication mode and sends the related authentication data to the client; if the user name has no corresponding authentication mode, the server performs login authentication in the default database user name and password mode;
S23, the client receives the authentication data sent by the server and carries out client identity verification;
S24, after the client identity verification passes, the client sends the authentication principal information of the server to the key distribution center (KDC), and the KDC authenticates the identity validity of both the client and the server;
S25, the ticket-granting service center looks up, in its own database, the client authentication identifier and the authorized ticket credential corresponding to the server authentication principal; the authorized ticket credential, named cred, is the permission credential with which a client accesses the server;
S26, after receiving the client's authorized ticket credential, the server decrypts it to obtain the client information and compares the client information with the client authentication identifier taken from the system table; if they are the same, the login succeeds; otherwise, the login fails;
S27, the client sets up a cache for the authorized ticket credential cred, and within a certain time the server can be accessed through the cached cred without verification at login, wherein the certain time is the expiration time interval set in the configuration file of the server.
In step S1, the Kerberos authentication-mode plug-in is called on the server and on the client respectively as follows:
on the server, the specific behavior of the Kerberos authentication mode is established by executing the instruction 'install plug in kerberos name' krb-server;
on the client, the library file name is assembled directly from the authentication mode name returned by the server, and the library is then dynamically loaded and executed.
In step S22, marking and sending the related authentication data to the client is done as follows:
setting a Kerberos authentication mark for the server authentication mode corresponding to the user name, issuing the Kerberos authentication mark to the client, and sending the authentication principal of the server to the client;
the related authentication data comprises the authentication principal of the server and the user name carrying the Kerberos authentication mark.
In step S23, the method for performing client identity verification is as follows:
loading an authentication-mode .so file on the client according to the user name, and executing the authentication service function auth_func bound in the authentication-mode .so file;
the authentication service function auth_func provides a plurality of interfaces for verifying the identity of the client.
In step S25, the authorized ticket credential cred may be the only way to access the database server, and the cred includes the client authentication principal and the timestamp of the time at which the cred was obtained.
In step S27, the elapsed time is obtained by subtracting the timestamp of the authorized ticket credential cred from the login time; if the elapsed time is smaller than the expiration time interval, login proceeds without verification; if it is larger than the expiration time interval, an expiration error is reported and the authorized ticket credential cred must be obtained again.
In step S24, the specific method by which the key distribution center (KDC) authenticates the identity validity of both the client and the server is as follows:
the server authenticates its identity validity as follows: when the plug-in-behavior relation is established, the user identity verification instruction is executed, communicating with the authentication service to renew the lease and keep the user valid, and the user identity verification instruction is executed periodically according to the expiration time interval;
the client authenticates its identity validity as follows: the user identity verification instruction is executed manually on the client to verify the identity of the user;
the user identity verification instruction is a key-t/path/gcluster.keytab gcluster.gbase.cn, wherein the keytab is generated when the user-authentication mode relation table is established and copied to the server.
The instruction is executed periodically according to the expiration time interval to ensure that the server side does not expire; it can be executed once a day.
To ensure absolute safety, the client must not execute the lease-renewal instruction periodically; otherwise a machine could be used indefinitely after a single authentication, so on the client the instruction is executed manually.
When logging in with Kerberos, the key distribution center (KDC) cooperates with the client and the server as follows:
Step 1: the client sends its IP and user name to the server to request a session link; the server uses the user name sent by the client to query whether the user exists in the user-authentication mode relation table of the database, and confirms that the user's authentication mode is Kerberos.
Step 2: after the confirmation in Step 1, the server returns the authentication principal of the server to the client, and the client sends the authentication principal of the client together with the authentication principal of the server to the key distribution center (KDC). The KDC returns the authorized ticket credential cred to the client.
Note: what the KDC returns to the client with the authorized ticket credential cred includes the following:
(1) Session key (used to encrypt the content of subsequent communication between the server and the client; the session key is itself encrypted using the master key of the server).
(2) Authorized ticket credential cred (contains information about the client, such as the client's authentication principal and the ticket timestamp; the contents of the ticket are encrypted using the session key).
Step 3: the client sends the authorized ticket credential cred to the server; the server verifies the cred sent by the client, extracts the authentication principal information of the client from it, queries whether the authentication principal of the client exists in the system table of the database, and returns the authentication result.
The server decrypts the session key using its own master key to obtain the usable session key, and then uses the decrypted session key to decrypt the authorized ticket credential cred sent by the client, obtaining the client authentication principal.
Step 4: end of authentication.
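The server-side check described in Steps 2 and 3 and in S25 to S27, as an added example that is not code from the patent or from GBase. The HMAC-based cipher is a standard-library stand-in for the Kerberos encryption types; the table layout, user names, principals, keys, result strings and the choice to treat a negative or exactly equal elapsed time as expired are assumptions made for illustration.

```python
import hashlib
import hmac
import json
import os

# Toy encrypt-then-MAC cipher built from HMAC-SHA256. It stands in for the
# Kerberos encryption types only so the example runs with the standard library.
def _subkey(key, label):
    return hmac.new(key, label, hashlib.sha256).digest()

def _keystream(key, nonce, length):
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(8, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]

def seal(key, plaintext):
    nonce = os.urandom(16)
    stream = _keystream(_subkey(key, b"enc"), nonce, len(plaintext))
    body = nonce + bytes(p ^ s for p, s in zip(plaintext, stream))
    return body + hmac.new(_subkey(key, b"mac"), body, hashlib.sha256).digest()

def unseal(key, blob):
    if len(blob) < 48:  # 16-byte nonce + 32-byte tag
        raise ValueError("blob too short")
    body, tag = blob[:-32], blob[-32:]
    expected = hmac.new(_subkey(key, b"mac"), body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("integrity check failed")
    stream = _keystream(_subkey(key, b"enc"), body[:16], len(body) - 16)
    return bytes(c ^ s for c, s in zip(body[16:], stream))

# Constructed sample data (hypothetical names and values).
SERVER_MASTER_KEY = hashlib.sha256(b"constructed server master key").digest()
EXPIRY_SECONDS = 600  # expiration time interval from the server configuration
USER_AUTH_TABLE = {   # user-authentication mode relation table (S12)
    "alice": {"mode": "kerberos", "principal": "alice@EXAMPLE.COM"},
    "carol": {"mode": "kerberos", "principal": "carol@EXAMPLE.COM"},
}                     # "bob" has no entry, so he falls back to password login

OK = "login ok"
FALLBACK = "fallback: default user name and password login"
BAD_TICKET = "rejected: invalid ticket"
MISMATCH = "rejected: principal mismatch"
EXPIRED = "rejected: cred expired"

def kdc_issue(client_principal, server_master_key, now):
    """KDC side of Step 2: session key under the server master key, cred under the session key."""
    session_key = os.urandom(32)
    cred = seal(session_key, json.dumps(
        {"principal": client_principal, "timestamp": now}).encode())
    return seal(server_master_key, session_key), cred

def server_verify(user_name, enc_session_key, cred, now,
                  master_key=SERVER_MASTER_KEY, table=USER_AUTH_TABLE,
                  expiry=EXPIRY_SECONDS):
    """Server side of S22, S26 and S27."""
    entry = table.get(user_name)
    if entry is None or entry["mode"] != "kerberos":
        return FALLBACK                      # S22: no Kerberos mode for this user
    try:
        session_key = unseal(master_key, enc_session_key)
        info = json.loads(unseal(session_key, cred))
        principal, issued = str(info["principal"]), int(info["timestamp"])
    except (ValueError, KeyError, TypeError):
        return BAD_TICKET                    # tampered blob or wrong key
    # S26: compare the decrypted principal with the identifier in the system table.
    if not hmac.compare_digest(principal.encode(), entry["principal"].encode()):
        return MISMATCH
    # S27: elapsed = login time - cred timestamp; only "smaller than" passes.
    elapsed = now - issued
    if elapsed < 0 or elapsed >= expiry:
        return EXPIRED
    return OK

if __name__ == "__main__":
    esk, cred = kdc_issue("alice@EXAMPLE.COM", SERVER_MASTER_KEY, now=1000)
    for user, t in [("alice", 1300), ("alice", 1700), ("carol", 1300), ("bob", 1300)]:
        print(user, t, "->", server_verify(user, esk, cred, now=t))
```

The principal comparison is made against the table entry for the user name sent in S21, so a valid cred issued to one principal cannot be presented under another user's name.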
The above description is only for the purpose of illustrating the preferred embodiments of the present invention and is not to be construed as limiting the invention, and any modifications, equivalents, improvements and the like that fall within the spirit and principle of the present invention are intended to be included therein.

Claims (6)

1. A method for realizing database login authentication based on a Kerberos mechanism, wherein the database is a GBase8a MPP database and comprises a server and a client, characterized by comprising the following specific steps:
S1, preparing authentication, specifically comprising the following steps:
S11, the database calls the ticket-granting service and the Kerberos authentication-mode plug-in, and a plug-in-behavior relation is established;
S12, a user-authentication mode relation table, recording the relation between each user and the client authentication identifier, is established in the server-side system table;
S13, the key distribution center (KDC) sets up user-password files corresponding to the server and the client of Kerberos respectively;
S14, the database server configures parameters, including the server authentication principal and the path where the user-password file is located, and the user-password file is stored on the client and the server at that path;
S2, dynamic authentication, comprising the following steps:
S21, the client initiates a login request and sends the user name to the server;
S22, the database server parses the user name information and determines the authentication mode corresponding to the user name according to the user-authentication mode relation table; if the user name has a corresponding authentication mode, the server marks the user name and sends the related authentication data to the client; if the user name has no corresponding authentication mode, the server performs login authentication in the default database user name and password mode;
S23, the client receives the authentication data sent by the server and carries out client identity verification;
S24, after the client identity verification passes, the client sends the authentication principal information of the server to the key distribution center (KDC), and the KDC authenticates the identity validity of both the client and the server;
S25, the ticket-granting service center looks up, in its own database, the client authentication identifier and the authorized ticket credential corresponding to the server authentication principal; the authorized ticket credential, named cred, is the permission credential with which a client accesses the server;
S26, after receiving the client's authorized ticket credential, the server decrypts it to obtain the client information and compares the client information with the client authentication identifier taken from the system table; if they are the same, the login succeeds; otherwise, the login fails;
S27, the client sets up a cache for the authorized ticket credential cred, and within a certain time the server can be accessed through the cached cred without verification at login, wherein the certain time is the expiration time interval set in the configuration file of the server.
2. The method for realizing database login authentication based on the Kerberos mechanism as claimed in claim 1, wherein: in step S22, when the user name has a corresponding authentication mode, marking and sending the related authentication data to the client is done as follows:
setting a Kerberos authentication mark for the server authentication mode corresponding to the user name, issuing the Kerberos authentication mark to the client, and sending the authentication principal of the server to the client;
the related authentication data comprises the authentication principal of the server and the user name carrying the Kerberos authentication mark.
3. The method for realizing database login authentication based on the Kerberos mechanism as claimed in claim 1, wherein: in step S23, the method for performing client identity verification is as follows:
loading an authentication-mode file on the client according to the user name, and executing the authentication service function auth_func bound in the authentication-mode file;
the authentication service function auth_func provides a plurality of interfaces for verifying the identity of the client.
4. The method for realizing database login authentication based on the Kerberos mechanism as claimed in claim 1, wherein: in step S25, the authorized ticket credential cred may be the only way to access the database server, and the cred includes the client authentication principal and the timestamp of the time at which the cred was obtained.
5. The method for realizing database login authentication based on the Kerberos mechanism as claimed in claim 1, wherein: in step S27, the elapsed time is obtained by subtracting the timestamp of the authorized ticket credential cred from the login time; if the elapsed time is smaller than the expiration time interval, login proceeds without verification; if it is larger than the expiration time interval, an expiration error is reported and the authorized ticket credential cred must be obtained again.
6. The method for realizing database login authentication based on the Kerberos mechanism as claimed in claim 1, wherein: in step S24, the specific method by which the key distribution center (KDC) authenticates the identity validity of both the client and the server is as follows:
the server authenticates its identity validity as follows: when the plug-in-behavior relation is established, the user identity verification instruction is executed, communicating with the authentication service to renew the lease and keep the user valid, and the user identity verification instruction is executed periodically according to the expiration time interval;
the client authenticates its identity validity as follows: the user identity verification instruction is executed manually on the client to verify the identity of the user;
the user identity verification instruction is a key-t/path/gcluster.keytab gcluster.gbase.cn, wherein the keytab is generated when the user-authentication mode relation table is established and copied to the server.
Application number: CN202111279611.0A; priority date: 2021-11-01; filing date: 2021-11-01; title: Method for realizing database login authentication based on Kerberos mechanism; status: Active; granted publication: CN113704724B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202111279611.0A CN113704724B (en) 2021-11-01 2021-11-01 Method for realizing database login authentication based on Kerberos mechanism

Publications (2)

Publication Number Publication Date
CN113704724A (en) 2021-11-26
CN113704724B (en) 2022-01-11

Family

ID=78647553

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202111279611.0A Active CN113704724B (en) 2021-11-01 2021-11-01 Method for realizing database login authentication based on Kerberos mechanism

Country Status (1)

Country Link
CN (1) CN113704724B (en)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107257334A (en) * 2017-06-08 2017-10-17 中国电子科技集团公司第三十二研究所 Identity authentication method for Hadoop cluster
US10454915B2 (en) * 2017-05-18 2019-10-22 Oracle International Corporation User authentication using kerberos with identity cloud service
US10489574B2 (en) * 2008-12-30 2019-11-26 Intel Corporation Method and system for enterprise network single-sign-on by a manageability engine
CN112035820A (en) * 2020-07-22 2020-12-04 北京中安星云软件技术有限公司 Data analysis method used in Kerberos encryption environment

Cited By (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114745130A (en) * 2022-04-02 2022-07-12 杭州玳数科技有限公司 Authentication method and device for multiple KDC data sources
CN114745130B (en) * 2022-04-02 2023-12-08 杭州玳数科技有限公司 Authentication method and device for multi-KDC data source
CN115114604A (en) * 2022-07-26 2022-09-27 如皋市规划建筑设计院有限公司 Internet-based building design dynamic process management system
CN115834451A (en) * 2022-11-11 2023-03-21 超聚变数字技术有限公司 Software login testing method and related device
CN116015955A (en) * 2023-01-04 2023-04-25 三峡高科信息技术有限责任公司 Configurable method for verifying validity security of uploading file in application system
CN116015955B (en) * 2023-01-04 2023-12-01 三峡高科信息技术有限责任公司 Configurable method for verifying validity security of uploading file in application system

Also Published As

Publication number Publication date
CN113704724B (en) 2022-01-11

Similar Documents

Publication Publication Date Title
CN113704724B (en) Method for realizing database login authentication based on Kerberos mechanism
US7752434B2 (en) System and method for secure communication
US8307413B2 (en) Personal token and a method for controlled authentication
EP1486025B1 (en) System and method for providing key management protocol with client verification of authorization
CN112822675B (en) MEC environment-oriented OAuth 2.0-based single sign-on mechanism
CN101515932B (en) Method and system for accessing Web service safely
CN109981561A (en) Monomer architecture system moves to the user authentication method of micro services framework
US7640430B2 (en) System and method for achieving machine authentication without maintaining additional credentials
US7823192B1 (en) Application-to-application security in enterprise security services
CN109672675B (en) OAuth 2.0-based WEB authentication method of password service middleware
CN102265255A (en) Method and system for providing a federated authentication service with gradual expiration of credentials
EP2255507A2 (en) A system and method for securely issuing subscription credentials to communication devices
KR20090057586A (en) Method and apparatus of mutual authentication and key distribution for downloadable conditional access system in digital cable broadcasting network
US11777743B2 (en) Method for securely providing a personalized electronic identity on a terminal
KR101817152B1 (en) Method for providing trusted right information, method for issuing user credential including trusted right information, and method for obtaining user credential
CN106713279A (en) Video terminal identity authentication system
JP2014157480A (en) Information processor, program, and control method
CN112260838A (en) Automatic renewal authentication method based on JWT
JP6571890B1 (en) Electronic signature system, certificate issuing system, certificate issuing method and program
WO2018187960A1 (en) Method and system for managing and controlling root permission
CN114697061A (en) Access control method and device, network side equipment, terminal and blockchain node
CN115134154A (en) Authentication method and device, and method and system for remotely controlling vehicle
JP6465426B1 (en) Electronic signature system, certificate issuing system, key management system, and electronic certificate issuing method
TWI657350B (en) APP certification system and method
CN114615309B (en) Client access control method, device, system, electronic equipment and storage medium

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant