WO2014067284A1 - Cross-domain controller authentication method, apparatus, and host - Google Patents

Publication number
WO2014067284A1
Authority
WO
WIPO (PCT)
Prior art keywords
node
information
domain
authentication
domain controller
Application number
PCT/CN2013/075910
Other languages
French (fr)
Chinese (zh)
Inventor
吴剑
Original Assignee
华为技术有限公司
Application filed by 华为技术有限公司
Publication of WO2014067284A1

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/08: Network architectures or network communication protocols for network security for authentication of entities

Definitions

  • the present invention relates to the field of network authentication technologies, and in particular, to an authentication method, apparatus, and host for a cross-domain controller.
  • the management and operation of modern enterprises and institutions are inseparable from computers and local area networks.
  • when enterprises use the network to conduct routine office management and operations, they generate everyday office documents, drawings and other business data, as well as many personal documents.
  • the NAS (Network Attached Storage) network storage server is the ideal storage device described above.
  • the NAS network storage server is a specially designed file storage and backup server that manages the data in the network reasonably, efficiently, and securely, and can be used as a backup device to automatically and continuously back up databases and other application data to the NAS.
  • CIFS (Common Internet File System)
  • local user authentication means that when a client user logs in, the user's permissions are authenticated entirely by the CIFS server itself, without going through a third-party authentication authority; it is a relatively simple authentication mode.
  • to make user authentication more secure, the domain controller user authentication mode is the one mostly used.
  • the domain controller user authentication mode means that when a client user logs in, the user's permissions are authenticated by a third-party authentication authority; it is a relatively complex authentication mode.
  • the existing domain controller user authentication method is as follows:
  • Each node on the clustered NAS joins a different domain controller, and the different domain controllers perform user authentication for the nodes joined to their domains, so that each node uses an independent domain controller to implement independent permission control.
  • the technical problems brought by this scheme are:
  • the configuration is complex: each node on the clustered NAS needs to join a different domain controller.
  • the networking is relatively complex.
  • a user on a given domain controller can only be authenticated by the domain controller joined by the node the user is currently logged in to, and cannot be authenticated across domain controllers; this cannot meet the need of domain users to access shared resources on nodes of other domain controllers.
  • the first aspect of the present application provides an authentication method for a cross-domain controller, which is applied to multiple domain controllers and multiple nodes.
  • the method includes:
  • the first node obtains the authentication information, where the authentication information includes the domain information of the target domain controller; the first node determines whether the authentication information matches the domain information of the domain controller that the node has joined, and if not, then:
  • the second domain controller that is consistent with the authentication information performs authentication, and the authentication result is fed back to the first node by using the second node;
  • the second node is a node that joins the second domain controller.
  • the second domain controller that is in compliance with the authentication information performs authentication, and the authentication result is fed back to the first node by using the second node, including:
  • the first node forwards the authentication information to the second node, the second domain controller performs authentication and feeds the authentication result back to the second node, and the second node feeds the authentication result back to the first node.
  • the forwarding of the authentication information to the second node, with authentication performed by the second domain controller joined by the second node, includes:
  • searching a preset control table for the domain information of the domain controller that corresponds to the domain information of the target domain controller, where the preset control table includes: node information, and the domain information of the domain controller joined by the node to which the node information belongs; and finding, according to the found domain information of the domain controller, the matching node information in the preset control table, where the matching node information is the second node information;
  • the second domain controller that is in compliance with the authentication information performs authentication, and the authentication result is fed back to the first node by using the second node, including:
  • All nodes in the cluster determine whether the domain information of the domain controller they have joined matches the authentication information. If yes, the node is the second node, and the second node obtains the authentication result fed back by the domain controller it has joined and sends the result to the first node.
  • a second aspect of the present invention provides an authentication device for a cross-domain controller, the device comprising a first node, a second node, and a second domain controller:
  • the first node obtains the authentication information, where the authentication information includes the domain information of the target domain controller; the first node determines whether the authentication information matches the domain information of the domain controller that the node has joined, and if not, then:
  • the second domain controller that is consistent with the authentication information performs authentication, and the authentication result is fed back to the first node by using the second node;
  • the second node is a node that joins the second domain controller.
  • the first node includes a forwarding unit and a feedback unit
  • the forwarding unit forwards the authentication information to the second node, the second domain controller performs authentication and feeds the authentication result back to the feedback unit, and the feedback unit feeds the authentication result back to the first node.
  • the forwarding unit includes a first searching module, a second searching module, and a sending module:
  • the first searching module is configured to search, in a preset control table, for the domain information of the domain controller corresponding to the domain information of the target domain controller, and to transmit the found domain information of the domain controller to the second search module, wherein the preset control table includes: node information, and the domain information of the domain controller joined by the node to which the node information belongs;
  • the second search module is configured to receive the domain information of the domain controller from the first search module, to find, according to the found domain information of the domain controller, the matching node information in the preset control table, where the matching node information is the second node information, and to transmit the second node information to the sending module;
  • the sending module is configured to receive the second node information from the second search module, and forward the authentication information to the second node according to the second node information, where the second domain controller joined by the second node performs authentication.
  • the first node includes a broadcast unit
  • the broadcast unit is configured to broadcast the authentication information to all nodes in the cluster; all nodes in the cluster determine whether the domain information of the domain controller they have joined matches the authentication information, and if so, the node is the second node, and the second node obtains the authentication result fed back by the domain controller it has joined and sends the result to the first node.
  • a third aspect of the present invention provides a host, the host including a processor, a communication interface, a memory, and a bus;
  • the processor, the communication interface, and the memory communicate with each other through the bus;
  • the communication interface is configured to acquire authentication information, and transmit the authentication information to the processor;
  • the processor is configured to execute a program;
  • the memory is configured to store a program
  • the program is used to:
  • the authentication information includes domain information of a target domain controller
  • the second domain controller that is consistent with the authentication information performs authentication, and the authentication result is fed back to the first node by using the second node;
  • the second node is a node that joins the second domain controller.
  • the embodiment of the present application can implement cross-domain controller authentication, thereby meeting the need of domain users to access shared resources on nodes of other domain controllers.
  • FIG. 1 is a schematic flowchart of a cross-domain controller authentication method according to an embodiment of the present disclosure
  • FIG. 2 is a timing diagram of a cross-domain controller authentication method according to an embodiment of the present application
  • FIG. 4 is a schematic diagram of a method for authenticating a cross-domain controller according to an embodiment of the present invention
  • FIG. 5 is a schematic diagram of a cross-domain controller authentication method according to an embodiment of the present application
  • FIG. 6 is a schematic structural diagram of a first node shown in an embodiment of the present application;
  • FIG. 7 is a schematic structural diagram of a host shown in an embodiment of the present application.
  • FIG. 8 is a schematic structural diagram of a program 732 shown in an embodiment of the present application.
  • FIG. 1 shows a schematic flowchart of an embodiment of the cross-domain controller authentication method of the present application, where the method includes:
  • Step 110: The first node obtains the authentication information.
  • the authentication information contains the domain information of the target domain controller.
  • Step 120: The first node determines whether the authentication information matches the domain information of the domain controller that the node has joined. If it does not match, step 130 is performed.
  • the embodiment of the present application discloses an authentication method for a cross-domain controller, which is applied to a system of multiple domain controllers and multiple nodes.
  • the domain controller authenticates the nodes joined to its domain. It should be noted that the first node does not refer to one specific node, but is any one of the multiple nodes joined to a domain controller.
  • the above-mentioned domain controller is assumed to be the first domain controller, and likewise does not refer to one specific domain controller.
  • the user logs in through the first node, enters the authentication information, and the domain information of the target domain controller.
  • the authentication information includes domain information, a username, and a password of the target domain controller, and the domain information includes at least: a domain IP address and a domain name.
  • Step 130: The second domain controller that matches the authentication information performs authentication, and the authentication result is fed back to the first node by using the second node.
  • the second node is a node that joins the second domain controller.
  • an embodiment of the present application discloses an authentication method for a cross-domain controller, which is applied to a cluster network-connected storage NAS.
  • the clustered NAS includes multiple domain controllers and multiple nodes, and each domain controller authenticates the nodes joined to its domain.
  • the embodiment of the present application is described by taking a node in the clustered NAS as an example:
  • Step 210: The first node acquires authentication information.
  • the authentication information contains the domain information of the target domain controller.
  • the user inputs the authentication information through the first node in the clustered NAS and requests to log in to access the resource information on the node, where the authentication information includes the domain information of the target domain controller, the user name, and the password, and the domain information of the target domain controller includes at least: the domain IP address and the domain name.
  • Step 220: The first node determines whether the authentication information matches the domain information of the domain controller that the node has joined. If not, proceed to step 230:
  • Step 230: The first node forwards the authentication information to the second node, the second domain controller performs authentication and feeds the authentication result back to the second node, and the second node feeds the authentication result back to the first node.
  • the first node forwards the authentication information to the second node, and the second domain controller that is added by the second node performs authentication, and may include:
  • the domain information of the domain controllers may be preset in the clustered NAS, and the node information of each node joined to a domain controller, together with the domain information of the domain controller joined by that node, is synchronized to the control table; all nodes in the clustered NAS can use the domain information of a domain controller to look up, in the control table, the node information of the node joined to that domain controller, and find that node according to the node information.
  • in step 220, if the first node determines that the authentication information matches the domain information of the domain controller that the node has joined, the domain controller joined by the node performs authentication; that domain controller contains a database consisting of the IP address and domain name of this domain and the user names and passwords of the computers belonging to this domain.
  • the domain controller first needs to identify whether the computer belongs to this domain, whether the domain name and user name that the user entered in the authentication information exist, and whether the password is correct. If any of this information is incorrect, the domain controller refuses to let the user log in from this computer. A user who cannot log in cannot access the resources protected by the server, which protects network resources to a certain extent.
  • Step 310: The node sends a negotiate request to a Common Internet File System (CIFS) server.
  • before establishing a CIFS connection, the node sends a negotiate request to the CIFS server.
  • the CIFS server finally negotiates some important parameters of the communication between the two parties according to its implementation.
  • Step 320: The CIFS server generates a random number as a random password (the challenge) and sends the random password to the node.
  • NTLM (New Technology LAN Manager)
  • Step 340: The CIFS server sends the user name, the random password, and the first response to the domain controller, and requests the domain controller to perform authentication.
  • Step 350: The domain controller calculates the second response from the random password, the user name, and the user's real password on the domain controller, and compares it with the first response sent by the CIFS server. If they are the same, authentication succeeds; otherwise authentication fails. The authentication result is returned to the CIFS server.
  • step 330 refers to the calculation using a user name, a random password, and a real password of the user on the domain.
  • Step 360: The CIFS server finally returns the authentication result to the node.
  • the shared access is performed on the clustered NAS through the CIFS protocol, so that users on different domain controllers can read and write shared files on different nodes through each node on the cluster.
  • the permissions of different departments of a company are controlled by different domain controllers, but different departments have access rights to the same share.
  • the problem is that the CIFS server used by each NAS vendor is Samba, and Samba cannot join the same node to different domain controllers.
  • various versions of Windows cannot implement operations for joining multiple domain controllers.
  • the second domain controller that is consistent with the authentication information performs the authentication, and the authentication result is fed back to the first node by using the second node, which may include:
  • All the nodes in the cluster determine whether the domain information of the domain controller they have joined matches the authentication information. If yes, the node is the second node, and the second node obtains the authentication result fed back by the domain controller it has joined and sends the result to the first node.
  • the domain controller joined by another node can perform the authentication, which achieves the purpose of accessing the resources on the first node and also reduces the risk that the domain controller cannot be logged in to.
  • a backup domain controller may also be established for the domain controller of each node, thereby further reducing the risk that the domain controller cannot be logged in to.
  • referring to FIG. 5, corresponding to the foregoing method embodiment, the embodiment of the present application further discloses an authentication device for a cross-domain controller, the device comprising a first node 510, a second node 520 and a second domain controller 530:
  • the first node 510 obtains the authentication information, and the authentication information includes the domain information of the target domain controller. The first node 510 determines whether the authentication information matches the domain information of the domain controller that the node has joined. If not, then:
  • the second domain controller 530 which is in compliance with the authentication information, performs authentication, and the authentication result is fed back to the first node 510 through the second node 520;
  • the second node 520 is a node that joins the second domain controller 530.
  • the first node 510 includes a forwarding unit 511 and a feedback unit 512; the forwarding unit 511 forwards the authentication information to the second node 520, the second domain controller 530 performs authentication and feeds the authentication result back to the feedback unit 512, and the feedback unit 512 feeds the authentication result back to the first node 510.
  • the forwarding unit 511 includes a first searching module, a second searching module, and a sending module.
  • the first searching module is configured to search, in a preset control table, for the domain information of the domain controller corresponding to the domain information of the target domain controller, and to transmit the domain information of the domain controller to the second search module, where the preset control table includes: node information, and the domain information of the domain controller joined by the node to which the node information belongs;
  • a second search module configured to receive the domain information of the domain controller from the first search module, to find the matching node information in the preset control table according to the found domain information of the domain controller, where the matching node information is the second node information, and to transmit the second node information to the sending module;
  • the sending module is configured to receive the second node information from the second search module, and forward the authentication information to the second node according to the second node information, and perform authentication by the second domain controller that is added by the second node.
  • the first node may include a broadcast unit
  • the broadcast unit is configured to broadcast the authentication information to all nodes in the cluster;
  • an embodiment of the present invention provides a schematic diagram of a host 700.
  • the host 700 may be a host server with computing capability, a personal computer (PC), or a portable computer or terminal.
  • the specific embodiment of the present invention does not limit the specific implementation of the host.
  • the host 700 includes:
  • a processor 710, a communications interface 720, a memory 730, and a bus 740.
  • the processor 710, the communication interface 720, and the memory 730 complete communication with each other via the bus 740.
  • the communication interface 720 is configured to obtain authentication information, and transmit the authentication information to the processor 710.
  • the processor 710 is configured to execute the program 732.
  • program 732 can include program code, the program code including computer operating instructions.
  • Processor 710 may be a central processing unit (CPU) or an application-specific integrated circuit (ASIC)
  • the memory 730 is configured to store the program 732.
  • Memory 730 may include high speed RAM memory and may also include non-volatile memory, such as at least one disk storage.
  • Program 732 can be specifically used to:
  • the authentication information includes domain information of the target domain controller
  • the second domain controller corresponding to the authentication information performs authentication, and the authentication result is fed back to the first node by using the second node;
  • the second node is a node that joins the second domain controller.
  • the program 732 may include:
  • the first node 510 obtains the authentication information, and the authentication information includes the domain information of the target domain controller.
  • the first node 510 determines whether the authentication information meets the domain information of the domain controller to which the node joins. If not, the following:
  • the second domain controller 530 which is in compliance with the authentication information, performs authentication, and the authentication result is fed back to the first node 510 through the second node 520;
  • the second node 520 is a node that joins the second domain controller 530.
  • for each node and the domain controller in the program 732, refer to the corresponding units in the foregoing embodiment; details are not described herein.
  • a person skilled in the art can clearly understand that, for convenience and brevity of description, the specific working process of the device and units described above can refer to the corresponding process in the foregoing method embodiment, and details are not described herein again.
  • the disclosed apparatus and methods may be implemented in other ways.
  • the device embodiments described above are merely illustrative.
  • the division of the unit is only a logical function division.
  • there may be another division manner; for example, multiple units or components may be combined or integrated into another device, or some features may be ignored or not executed.
  • the coupling or direct coupling or communication connection shown or discussed may be an indirect coupling or communication connection through some communication interface, device or unit, and may be in electrical, mechanical or other form.
  • the components displayed by the unit may or may not be physical units, that is, may be located in one place, or may be distributed to multiple network units. Some or all of the units may be selected according to actual needs to achieve the objectives of the solution of the embodiment.
  • each functional unit in each embodiment of the present invention may be integrated into one processing unit, or each unit may exist physically separately, or two or more units may be integrated into one unit.
  • the functions may be stored in a computer readable storage medium if implemented in the form of a software functional unit and sold or used as a standalone product. Based on such understanding, the technical solution of the present invention, or the part of it that contributes to the prior art, or a part of the technical solution, may be embodied in the form of a software product that is stored in a storage medium and comprises instructions for causing a computer device (which may be a personal computer, server, or network device, etc.) to perform all or part of the steps of the methods of the embodiments of the present invention.
  • the foregoing storage medium includes: a U disk, a removable hard disk, a read-only memory (ROM), a random access memory (RAM), a magnetic disk or an optical disk, and other media that can store program code.
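
The control-table routing of steps 210 to 230, combined with the response check of steps 340 and 350, as a Python example added here (it is not code from the patent or from Samba). It assumes the forwarded authentication information is the user name, random password and first response rather than the password itself, uses HMAC-SHA256 as a stand-in for the NTLM calculation, and makes each random password single-use; all class names, function names, domains, users and passwords are constructed for illustration.

```python
import hashlib
import hmac
import os


def compute_response(username: str, challenge: bytes, password: str) -> bytes:
    """Stand-in for the response calculation of steps 330/350.

    HMAC-SHA256 keeps the example short; it is NOT the NTLM algorithm.
    """
    key = hashlib.sha256(password.encode()).digest()
    return hmac.new(key, username.encode() + challenge, hashlib.sha256).digest()


class DomainController:
    """Holds the real passwords of one domain (constructed sample data)."""

    def __init__(self, domain: str, users: dict):
        self.domain = domain.lower()
        self._users = users

    def authenticate(self, username, challenge, first_response) -> bool:
        # Step 350: recompute the response from the stored password and compare.
        password = self._users.get(username)
        if password is None:
            return False
        second_response = compute_response(username, challenge, password)
        return hmac.compare_digest(second_response, first_response)


class Cluster:
    """The preset control table: domain information -> node joined to it."""

    def __init__(self):
        self.nodes = {}
        self.control_table = {}

    def register(self, node):
        self.nodes[node.name] = node
        self.control_table[node.dc.domain] = node.name

    def node_for_domain(self, domain):
        name = self.control_table.get(domain.lower())
        return self.nodes.get(name) if name is not None else None


class Node:
    def __init__(self, name, dc, cluster):
        self.name = name
        self.dc = dc
        self.cluster = cluster
        self._outstanding = set()   # challenges issued and not yet used
        cluster.register(self)

    def new_challenge(self) -> bytes:
        # Step 320: random value, remembered so it is accepted only once.
        challenge = os.urandom(16)
        self._outstanding.add(challenge)
        return challenge

    def login(self, domain, username, challenge, response):
        """Return (authenticated, path); path lists who handled the request."""
        if challenge not in self._outstanding:
            return False, [self.name]            # unknown or replayed challenge
        self._outstanding.discard(challenge)
        if domain.lower() == self.dc.domain:     # step 220: own domain
            ok = self.dc.authenticate(username, challenge, response)
            return ok, [self.name, self.dc.domain]
        peer = self.cluster.node_for_domain(domain)   # step 230: table lookup
        if peer is None:
            return False, [self.name]            # no node joined that domain: deny
        ok = peer.authenticate_for_peer(username, challenge, response)
        return ok, [self.name, peer.name, peer.dc.domain]

    def authenticate_for_peer(self, username, challenge, response) -> bool:
        # Second node: ask its own domain controller and relay the result.
        return self.dc.authenticate(username, challenge, response)


def build_demo():
    """Two nodes, each joined to a different constructed domain."""
    cluster = Cluster()
    dc1 = DomainController("sales.example", {"alice": "pw-sales"})
    dc2 = DomainController("rnd.example", {"bob": "pw-rnd"})
    return Node("node1", dc1, cluster), Node("node2", dc2, cluster)


if __name__ == "__main__":
    node1, _ = build_demo()
    c = node1.new_challenge()
    # bob belongs to rnd.example but logs in through node1 (sales.example).
    print(node1.login("rnd.example", "bob", c, compute_response("bob", c, "pw-rnd")))
```

The first node accepts whatever result the second node relays, so in a deployment the link between nodes and the integrity of the control table carry the same trust as the link to the domain controller itself.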

Abstract

Embodiments of the present application disclose a cross-domain controller authentication method and apparatus, and a host, which are applied in a system of multiple domain controllers and multiple nodes. The method comprises: a first node obtaining authentication information, the authentication information comprising domain information of a target domain controller; the first node determining whether the authentication information matches the domain information of the domain controller that the node has joined; and if not, a second domain controller that matches the domain information performing the authentication, the authentication result being fed back to the first node by using a second node, the second node being a node joined to the second domain controller. Because the second domain controller that matches the domain information performs the authentication and the authentication result is fed back to the first node by using the second node, the embodiments of the present invention can implement cross-domain controller authentication, thereby meeting the need of domain users to access shared resources on nodes of other domain controllers.

Description

一种跨域控制器认证的方法、 装置及主机 本申请要求于 2012 年 10 月 31 日提交中国专利局、 申请号为 201210427606.4、 发明名称为"一种跨域控制器认证的方法、 装置及主机,,的中 国专利申请的优先权, 其全部内容通过引用结合在本申请中。 技术领域  Method, device and host for cross-domain controller authentication The present application claims to be submitted to the Chinese Patent Office on October 31, 2012, the application number is 201210427606.4, and the invention name is "a method, device and host for cross-domain controller authentication". The priority of the Chinese patent application is hereby incorporated by reference in its entirety.
本发明涉及网络认证技术领域, 更具体地说, 涉及一种跨域控制器的认证 方法、 装置及主机。  The present invention relates to the field of network authentication technologies, and in particular, to an authentication method, apparatus, and host for a cross-domain controller.
背景技术 Background technique
The management and operation of modern enterprises and institutions depend on computers and local area networks. When an enterprise uses the network for day-to-day office management and operations, it generates business data such as office documents and drawings, as well as many personal documents. For data across the whole organization to be managed uniformly and used securely, there must be a storage device that is secure, cost-effective, easy to use, and simple to manage, on which the organization's internal data can be stored and backed up. A NAS (Network Attached Storage) network storage server is such a storage device. A NAS network storage server is a specially designed file storage and backup server that manages the data on the network reasonably, effectively, and securely, and that can also act as a backup device to which databases and other application data are automatically backed up at all times.
At present, the network file system sharing protocol widely used with NAS is CIFS (Common Internet File System). CIFS has two kinds of user permission authentication: local user authentication and domain controller user authentication. With local user authentication, when a client user logs in, the user's permissions are authenticated entirely by the CIFS server itself, without a third-party authentication authority; this is a relatively simple authentication method. To make user authentication more secure, domain controller user authentication is more commonly used. With domain controller user authentication, when a client user logs in, the user's permissions are authenticated by a third-party authentication authority; this is a relatively complex authentication method.
As shown in Figure 1, the existing domain controller user authentication method is as follows:
Each node on the clustered NAS joins a different domain controller, and each domain controller performs user authentication for the nodes that have joined its domain, so that every node uses an independent domain controller to implement independent permission control. The technical problems of this scheme are:
Configuration is complex: every node on the clustered NAS has to join a different domain controller, which complicates networking.
A user on a given domain controller can only be authenticated by the domain controller that the node currently being logged in to has joined, and cannot be authenticated across domain controllers. The need of domain users to access shared resources on the nodes of other domain controllers therefore cannot be met.
Summary of the Invention
In view of this, to solve the problem that a user on a domain controller cannot be authenticated across domain controllers, a first aspect of this application provides a cross-domain-controller authentication method, applied to a system with multiple domain controllers and multiple nodes. The method includes:
A first node obtains authentication information, where the authentication information contains the domain information of a target domain controller;
The first node determines whether the authentication information matches the domain information of the domain controller that this node has joined, and if it does not match:
A second domain controller that matches the authentication information performs the authentication, and the authentication result is fed back to the first node through a second node;
where the second node is a node that has joined the second domain controller.
With reference to the first aspect, in a first possible implementation of the first aspect,
the step in which the second domain controller that matches the authentication information performs the authentication and the authentication result is fed back to the first node through the second node includes:
The first node forwards the authentication information to the second node, the second domain controller performs the authentication, the second domain controller feeds the authentication result back to the second node, and the second node feeds the authentication result back to the first node.
With reference to the first possible implementation of the first aspect, in a second possible implementation, forwarding the authentication information to the second node for authentication by the second domain controller that the second node has joined includes:
Looking up, in a preset control table, the domain controller domain information that corresponds to the domain information of the target domain controller, where the preset control table contains: node information, and the domain information of the domain controller joined by the node to which the node information belongs;
Finding, according to the domain controller domain information obtained by the lookup, the matching node information in the preset control table, where the matching node information is the second node information;
Forwarding the authentication information to the second node, with the second domain controller that the second node has joined performing the authentication.
With reference to the first aspect, in a first possible implementation of the first aspect,
the step in which the second domain controller that matches the authentication information performs the authentication and the authentication result is fed back to the first node through the second node includes:
Broadcasting the authentication information to all nodes in the cluster;
All nodes in the cluster determine whether the domain information of the domain controller they have joined matches the authentication information. If it does, that node is the second node; the second node obtains the authentication result fed back by the domain controller it has joined and sends the fed-back result to the first node.
A second aspect of the present invention provides a cross-domain-controller authentication apparatus. The apparatus includes a first node, a second node, and a second domain controller:
The first node obtains authentication information, where the authentication information contains the domain information of a target domain controller;
The first node determines whether the authentication information matches the domain information of the domain controller that this node has joined, and if it does not match:
The second domain controller that matches the authentication information performs the authentication, and the authentication result is fed back to the first node through the second node;
where the second node is a node that has joined the second domain controller.
With reference to the second aspect, in a first possible implementation of the second aspect,
the first node includes a forwarding unit and a feedback unit;
The forwarding unit forwards the authentication information to the second node, the second domain controller performs the authentication, the second domain controller feeds the authentication result back to the feedback unit, and the feedback unit feeds the authentication result back to the first node.
With reference to the first possible implementation of the second aspect, in a second possible implementation, the forwarding unit includes a first lookup module, a second lookup module, and a sending module:
The first lookup module is configured to look up, in a preset control table, the domain controller domain information that corresponds to the domain information of the target domain controller, and to transmit the domain controller domain information obtained by the lookup to the second lookup module, where the preset control table contains: node information, and the domain information of the domain controller joined by the node to which the node information belongs;
The second lookup module is configured to receive from the first lookup module the domain controller domain information obtained by the lookup, to find the matching node information in the preset control table according to that domain information, where the matching node information is the second node information, and to transmit the second node information to the sending module;
The sending module is configured to receive the second node information from the second lookup module and, according to the second node information, to forward the authentication information to the second node, with the second domain controller that the second node has joined performing the authentication.
With reference to the second aspect, in a first possible implementation of the second aspect,
the first node includes a broadcast unit;
The broadcast unit is configured to broadcast the authentication information to all nodes in the cluster;
All nodes in the cluster determine whether the domain information of the domain controller they have joined matches the authentication information. If it does, that node is the second node; the second node obtains the authentication result fed back by the domain controller it has joined and sends the fed-back result to the first node.
A third aspect of the present invention provides a host. The host includes a processor, a communication interface, a memory, and a bus;
where the processor, the communication interface, and the memory communicate with one another over the bus;
The communication interface is configured to obtain authentication information and transmit the authentication information to the processor;
The processor is configured to execute a program;
The memory is configured to store the program;
where the program is used to:
Obtain authentication information, where the authentication information contains the domain information of a target domain controller;
Determine whether the authentication information matches the domain information of the domain controller that this node has joined, and if it does not match:
A second domain controller that matches the authentication information performs the authentication, and the authentication result is fed back to the first node through a second node;
where the second node is a node that has joined the second domain controller.
Because the authentication is performed by the second domain controller that matches the authentication information, and the authentication result is fed back to the first node through the second node, the embodiments of this application enable authentication across domain controllers and thereby meet the need of domain users to access shared resources on the nodes of other domain controllers.
Brief Description of the Drawings
To describe the technical solutions in the embodiments of this application or in the prior art more clearly, the drawings needed for describing the embodiments or the prior art are briefly introduced below. The drawings described below are only some embodiments of this application, and a person of ordinary skill in the art can derive other drawings from them without creative effort.
FIG. 1 is a schematic flowchart of a cross-domain-controller authentication method according to an embodiment of this application;
FIG. 2 is a sequence diagram of a cross-domain-controller authentication method according to an embodiment of this application;
FIG. 3 is a sequence diagram of a cross-domain-controller authentication method according to an embodiment of this application;
FIG. 4 is a schematic diagram of a cross-domain-controller authentication method according to an embodiment of this application;
FIG. 5 is a schematic structural diagram of a cross-domain-controller authentication apparatus according to an embodiment of this application;
FIG. 6 is a schematic structural diagram of a first node according to an embodiment of this application;
FIG. 7 is a schematic structural diagram of a host according to an embodiment of this application;
FIG. 8 is a schematic structural diagram of a program 732 according to an embodiment of this application.
Detailed Description
The technical solutions in the embodiments of this application are described clearly and completely below with reference to the drawings in the embodiments of this application. The described embodiments are only some, not all, of the embodiments of this application. All other embodiments obtained by a person of ordinary skill in the art on the basis of the embodiments in this application without creative effort fall within the scope of protection of this application.
Referring to FIG. 1, which shows a schematic flowchart of an embodiment of a cross-domain-controller authentication method of this application, the method includes:
Step 110: The first node obtains authentication information.
The authentication information contains the domain information of the target domain controller.
Step 120: The first node determines whether the authentication information matches the domain information of the domain controller that this node has joined. If it does not match, step 130 is performed.
This embodiment of the application discloses a cross-domain-controller authentication method applied to an apparatus with multiple domain controllers and multiple nodes, in which each domain controller authenticates the nodes that have joined its domain. Note that the first node above does not denote one particular node; it is any one of the nodes that have joined some domain controller. That domain controller is assumed to be the first domain controller and is likewise not a particular one. The user logs in through the first node and enters the authentication information, including the domain information of the target domain controller. If all of the authentication information entered by the user matches the information of the first domain controller, the first domain controller performs the authentication; otherwise step 130 is performed. The authentication information contains the domain information of the target domain controller, a user name, and a password, and the domain information includes at least a domain IP address and a domain name.
Step 130: The second domain controller that matches the authentication information performs the authentication, and the authentication result is fed back to the first node through the second node.
The second node is a node that has joined the second domain controller.
Because the authentication is performed by the second domain controller that matches the authentication information, and the authentication result is fed back to the first node through the second node, this embodiment of the application enables authentication across domain controllers and thereby meets the need of domain users to access shared resources on the nodes of other domain controllers.
Referring to FIG. 2, an embodiment of this application discloses a cross-domain-controller authentication method applied to clustered network attached storage (NAS). The clustered NAS includes multiple domain controllers and multiple nodes, and each domain controller authenticates the nodes that have joined its domain. This embodiment is described using one node in the clustered NAS as an example:
Step 210: The first node obtains authentication information.
The authentication information contains the domain information of the target domain controller. The user enters the authentication information through the first node in the clustered NAS and requests to log in and access the resource information on that node. The authentication information contains the domain information of the target domain controller, a user name, and a password, and the domain information of the target domain controller in turn includes at least a domain IP address and a domain name.
Step 220: The first node determines whether the authentication information matches the domain information of the domain controller that this node has joined. If it does not match, step 230 is performed:
Step 230: The first node forwards the authentication information to the second node, the second domain controller performs the authentication, the second domain controller feeds the authentication result back to the second node, and the second node then feeds the authentication result back to the first node.
The first node forwarding the authentication information to the second node for authentication by the second domain controller that the second node has joined may in turn include:
Looking up, in a preset control table, the domain controller domain information that corresponds to the domain information of the target domain controller; finding, according to the domain controller domain information obtained by the lookup, the matching node information in the preset control table, where the matching node information is the second node information; and forwarding the authentication information to the second node, with the second domain controller that the second node has joined performing the authentication. The preset control table contains: node information, and the domain information of the domain controller joined by the node to which the node information belongs. A control table can be preset within the clustered NAS, and the node information of each node that has joined a domain controller, together with the domain information of the domain controller that node has joined, is synchronized to the table. Every node in the clustered NAS can then use the domain controller domain information in the control table to find the node information of the nodes that have joined that domain controller, and use the node information to locate those nodes.
On the other hand, if in step 220 the first node determines that the authentication information matches the domain information of the domain controller that this node has joined, the domain controller joined by this node performs the authentication. That domain controller contains a database made up of information such as the domain's IP address, the domain name, and the user names and passwords of the computers that belong to the domain. When a computer connects to the network, the domain controller first checks whether the computer belongs to the domain, whether the domain name and user name in the authentication information entered by the user exist, and whether the password is correct. If any of this information is incorrect, the domain controller refuses the user's login from that computer. A user who cannot log in cannot access the permission-protected resources on the server, which protects the resources on the network to a certain extent.
The process by which a domain controller performs authentication is described in detail below, with reference to FIG. 3.
Step 310: The node sends a negotiate request to the CIFS (Common Internet File System) server.
Before a CIFS connection is established, the node sends a negotiate request to the CIFS server, and the CIFS server, according to its own implementation, settles some important parameters for communication between the two parties.
Step 320: The CIFS server generates a random challenge (a random number) and sends the random challenge to the node.
Step 330: From the random challenge generated by the CIFS server and the user name and password it has received, the node computes an authentication message by means of an algorithm. The authentication message includes the first response of NTLM (New Technology LAN Manager). The node sends the authentication message to the CIFS server.
Step 340: The CIFS server sends the user name, the random challenge, and the first response to the domain controller and requests the domain controller to perform authentication.
Step 350: Using the random challenge, the user name, and the user's real password held on the domain controller, the domain controller computes a second response by the same procedure as in step 330 and compares it with the first response sent by the CIFS server. If they are the same, authentication succeeds; if they differ, authentication fails. The domain controller returns the authentication result to the CIFS server.
Here, the same procedure as in step 330 means performing the calculation with the user name, the random challenge, and the user's real password in the domain.
Step 360: The CIFS server finally returns the authentication result to the node.
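The exchange of steps 310 to 360, as an added Python sketch that is not part of the patent text. The class and function names are hypothetical, the account data is constructed, and HMAC-SHA256 stands in for the real NTLM response algorithm so that only the message flow is shown.

```python
import hashlib
import hmac
import secrets


def compute_response(username: str, password: str, challenge: bytes) -> bytes:
    """Stand-in for the response calculation of steps 330 and 350.

    Assumption: HMAC-SHA256 keyed with a hash of the password replaces the
    real NTLM algorithm; only the data flow is the point here.
    """
    key = hashlib.sha256(password.encode("utf-8")).digest()
    message = username.lower().encode("utf-8") + b"\x00" + challenge
    return hmac.new(key, message, hashlib.sha256).digest()


class DomainController:
    """Holds the users' real passwords; the only party able to verify."""

    def __init__(self, users):
        self._users = dict(users)  # constructed sample accounts

    def verify(self, username: str, challenge: bytes, first_response: bytes) -> bool:
        # Step 350: recompute the second response from the stored password
        # and compare it with the first response relayed by the CIFS server.
        password = self._users.get(username)
        if password is None:
            return False
        second_response = compute_response(username, password, challenge)
        return hmac.compare_digest(second_response, first_response)


class CifsServer:
    """Relays between node and domain controller; never sees the password."""

    def __init__(self, dc: DomainController):
        self._dc = dc
        self._pending = {}  # session id -> challenge issued in step 320

    def negotiate(self, session_id: str) -> bytes:
        # Steps 310 and 320: answer the negotiate request with a fresh challenge.
        challenge = secrets.token_bytes(8)
        self._pending[session_id] = challenge
        return challenge

    def authenticate(self, session_id: str, username: str, first_response: bytes) -> bool:
        # Steps 340 and 360: pass user name, challenge and first response to the
        # domain controller and return its verdict. The challenge is single use.
        challenge = self._pending.pop(session_id, None)
        if challenge is None:
            return False
        return self._dc.verify(username, challenge, first_response)


def node_login(server: CifsServer, session_id: str, username: str, password: str) -> bool:
    """The node's side of steps 310 to 360."""
    challenge = server.negotiate(session_id)
    first_response = compute_response(username, password, challenge)  # step 330
    return server.authenticate(session_id, username, first_response)


def stale_response_rejected(server: CifsServer, session_id: str, username: str,
                            old_response: bytes) -> bool:
    """A response computed for an earlier challenge must fail against a new one."""
    server.negotiate(session_id)
    return not server.authenticate(session_id, username, old_response)


if __name__ == "__main__":
    server = CifsServer(DomainController({"alice": "S3cret!"}))
    print(node_login(server, "s1", "alice", "S3cret!"))
```

The comparison in `verify` uses `hmac.compare_digest`, and the server discards each challenge after one use, so a response is only ever checked against the challenge it was computed for.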
This embodiment of the application provides shared access over the CIFS protocol on a clustered NAS, so that users on different domain controllers can, through any node of the cluster, read and write shared files on different nodes. For example, when the permissions of different departments of a company are controlled by different domain controllers but the departments all have access rights to the same share, this embodiment can be used for permission authentication without having to solve the technical problem of one node joining multiple domains. The CIFS server mainly used by NAS vendors is Samba, and Samba currently cannot have one node join different domain controllers; likewise, no version of Windows currently supports joining multiple domain controllers.
Referring to FIG. 4, further, the step in which the second domain controller that matches the authentication information performs the authentication and the authentication result is fed back to the first node through the second node may include:
Broadcasting the authentication information to all nodes in the cluster;
All nodes in the cluster determine whether the domain information of the domain controller they have joined matches the authentication information. If it does, that node is the second node; the second node obtains the authentication result fed back by the domain controller it has joined and sends the fed-back result to the first node.
As the above embodiment shows, even if the domain controller that the first node has joined is down, authentication can still be performed by the domain controllers that other nodes have joined, so that the resources on the first node can be accessed. This also reduces the risk that a domain controller failure makes login and access impossible.
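The first node's decision in steps 220 and 230, with both ways of finding the second node (the preset control table and the broadcast to all nodes), as an added Python sketch that is not part of the patent text. All class names, node names, domains, and accounts are hypothetical and constructed, and the domain controller is reduced to a stub that returns a verdict.

```python
import hmac
from dataclasses import dataclass


@dataclass(frozen=True)
class DomainInfo:
    """Domain information: at least the domain IP address and domain name."""
    ip: str
    name: str

    def matches(self, other: "DomainInfo") -> bool:
        return self.ip == other.ip and self.name.lower() == other.name.lower()


@dataclass(frozen=True)
class AuthInfo:
    """Authentication information entered by the user at the first node."""
    domain: DomainInfo
    username: str
    password: str


class DomainController:
    """Stand-in for a domain controller's verdict (hypothetical, simplified)."""

    def __init__(self, info, users, online=True):
        self.info = info
        self._users = dict(users)  # constructed sample accounts
        self.online = online

    def authenticate(self, auth: AuthInfo) -> bool:
        if not self.online:
            return False  # unreachable controller: fail closed
        stored = self._users.get(auth.username)
        if stored is None:
            return False
        return hmac.compare_digest(stored.encode(), auth.password.encode())


class Node:
    def __init__(self, name, dc):
        self.name, self.dc, self.cluster = name, dc, None

    def serves(self, domain: DomainInfo) -> bool:
        # The check of step 220: does the target domain match my own controller?
        return self.dc.info.matches(domain)

    def login(self, auth: AuthInfo, use_broadcast: bool = False):
        """Return (authentication result, name of the node that obtained it)."""
        if self.serves(auth.domain):
            return self.dc.authenticate(auth), self.name
        if use_broadcast:
            second = self.cluster.broadcast(auth.domain, sender=self)
        else:
            second = self.cluster.lookup(auth.domain)
        if second is None:
            return False, None  # no node has joined the target domain
        # Step 230: the second node's controller decides; result comes back here.
        return second.dc.authenticate(auth), second.name


class Cluster:
    def __init__(self, nodes):
        self.nodes = {n.name: n for n in nodes}
        # Preset control table: node information -> domain information of the
        # domain controller that node has joined.
        self.control_table = {n.name: n.dc.info for n in nodes}
        for n in nodes:
            n.cluster = self

    def lookup(self, domain):
        for node_name, info in self.control_table.items():
            if info.matches(domain):
                return self.nodes[node_name]
        return None

    def broadcast(self, domain, sender):
        # Every other node checks its own controller's domain information.
        for node in self.nodes.values():
            if node is not sender and node.serves(domain):
                return node
        return None


DOM_A = DomainInfo("10.0.0.1", "a.example")  # constructed sample domains
DOM_B = DomainInfo("10.0.0.2", "b.example")


def build_sample_cluster(dc_a_online=True):
    node1 = Node("node1", DomainController(DOM_A, {"alice": "pw-a"}, dc_a_online))
    node2 = Node("node2", DomainController(DOM_B, {"bob": "pw-b"}))
    Cluster([node1, node2])
    return node1, node2
```

As the page describes it, the forwarded authentication information contains the user name and password, so in a deployment the link between nodes carries credentials and needs the same protection as the client connection.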
Note that a backup domain controller can also be set up for each node's domain controller, which further reduces the risk that a domain controller failure makes login and access impossible.
Referring to FIG. 5, corresponding to the method embodiments above, an embodiment of this application further discloses a cross-domain-controller authentication apparatus. The apparatus includes a first node 510, a second node 520, and a second domain controller 530:
The first node 510 obtains authentication information, where the authentication information contains the domain information of a target domain controller;
The first node 510 determines whether the authentication information matches the domain information of the domain controller that this node has joined, and if it does not match:
The second domain controller 530 that matches the authentication information performs the authentication, and the authentication result is fed back to the first node 510 through the second node 520;
where the second node 520 is a node that has joined the second domain controller 530.
Further, referring to FIG. 6, the first node 510 includes a forwarding unit 511 and a feedback unit 512;
The forwarding unit 511 forwards the authentication information to the second node 520, the second domain controller 530 performs the authentication, the second domain controller 530 feeds the authentication result back to the feedback unit 512, and the feedback unit 512 feeds the authentication result back to the first node 510.
Further, the forwarding unit 511 includes a first lookup module, a second lookup module, and a sending module:
The first lookup module is configured to look up, in a preset control table, the domain controller domain information that corresponds to the domain information of the target domain controller, and to transmit the domain controller domain information obtained by the lookup to the second lookup module, where the preset control table contains: node information, and the domain information of the domain controller joined by the node to which the node information belongs;
The second lookup module is configured to receive from the first lookup module the domain controller domain information obtained by the lookup, to find the matching node information in the preset control table according to that domain information, where the matching node information is the second node information, and to transmit the second node information to the sending module;
The sending module is configured to receive the second node information from the second lookup module and, according to the second node information, to forward the authentication information to the second node, with the second domain controller that the second node has joined performing the authentication.
In other embodiments of the invention:
The first node may include a broadcast unit;
The broadcast unit is configured to broadcast the authentication information to all nodes in the cluster;
All nodes in the cluster determine whether the domain information of the domain controller they have joined matches the authentication information. If it does, that node is the second node; the second node obtains the authentication result fed back by the domain controller it has joined and sends the fed-back result to the first node.
Because the authentication is performed by the second domain controller that matches the authentication information, and the authentication result is fed back to the first node through the second node, this embodiment of the application enables authentication across domain controllers and thereby meets the need of domain users to access shared resources on the nodes of other domain controllers.
Referring to FIG. 7, an embodiment of the present invention provides a schematic diagram of a host 700. The host 700 may be a host server with computing capability, a personal computer (PC), a portable computer or terminal, and so on; the specific embodiments of the present invention do not limit the specific implementation of the host. The host 700 includes:
处理器 (processor)710 , 通信接口 (Communications Interface)720 , 存者器 (memory)730, 总线 740。  A processor 710, a communications interface 720, a memory 730, and a bus 740.
处理器 710,通信接口 720 ,存储器 730通过总线 740完成相互间的通信。 通信接口 720 , 用于获取认证信息, 并将认证信息传输给处理器 710; 处理器 710, 用于执行程序 732。  The processor 710, the communication interface 720, and the memory 730 complete communication with each other via the bus 740. The communication interface 720 is configured to obtain authentication information, and transmit the authentication information to the processor 710. The processor 710 is configured to execute the program 732.
具体地,程序 732可以包括程序代码,所述程序代码包括计算机操作指令。 处理器 710 可能是一个中央处理器 CPU, 或者是特定集成电路 ASIC In particular, program 732 can include program code, the program code including computer operating instructions. Processor 710 may be a central processing unit CPU or a specific integrated circuit ASIC
( Application Specific Integrated Circuit ),或者是被配置成实施本发明实施例的 一个或多个集成电路。 (Application Specific Integrated Circuit), or one or more integrated circuits configured to implement embodiments of the present invention.
存储器 730 , 用于存放程序 732。 存储器 730可能包含高速 RAM存储器, 也可能还包括非易失性存储器(non-volatile memory ), 例如至少一个磁盘存储 器。  The memory 730 is configured to store the program 732. Memory 730 may include high speed RAM memory and may also include non-volatile memory, such as at least one disk storage.
The program 732 may specifically be used to:
obtain authentication information, the authentication information containing domain information of a target domain controller;
determine whether the authentication information matches the domain information of the domain controller that this node has joined, and if it does not match:
a second domain controller that matches the authentication information performs authentication, and the authentication result is fed back to the first node through a second node;
wherein the second node is a node that has joined the second domain controller.
As shown in FIG. 8, the program 732 may include:
a first node 510, a second node 520, and a second pre-controller 530:
the first node 510 obtains authentication information, the authentication information containing domain information of a target domain controller;
the first node 510 determines whether the authentication information matches the domain information of the domain controller that this node has joined, and if it does not match:
the second domain controller 530 that matches the authentication information performs authentication, and the authentication result is fed back to the first node 510 through the second node 520;
wherein the second node 520 is a node that has joined the second domain controller 530.
For the specific implementation of each node and the pre-controller in the program 732, refer to the corresponding units in the foregoing embodiments; details are not repeated here. A person skilled in the art will clearly understand that, for convenience and brevity of description, the specific working processes of the apparatuses and units described above may be understood by reference to the corresponding processes in the foregoing method embodiments, and are not repeated here.
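The forwarding flow described above, as an added example that is not code from the patent: the first node checks the target domain against the domain it has joined and, on a mismatch, locates the second node either through a preset control table or by broadcast, then relays that node's domain controller verdict. The class names, the dict-shaped control table (node name to joined domain), the case-insensitive domain comparison and the sample accounts are assumptions.

```python
import hmac
from dataclasses import dataclass


@dataclass(frozen=True)
class AuthInfo:
    domain: str    # domain information of the target domain controller
    user: str
    password: str


class DomainController:
    def __init__(self, domain, accounts):
        self.domain = domain.lower()
        self.accounts = accounts          # constructed sample accounts

    def authenticate(self, info):
        stored = self.accounts.get(info.user)
        return stored is not None and hmac.compare_digest(
            stored.encode(), info.password.encode())


class Node:
    def __init__(self, name, dc, cluster):
        self.name, self.dc, self.cluster = name, dc, cluster
        cluster[name] = self

    def matches(self, info):
        return info.domain.lower() == self.dc.domain

    def relay(self, info):
        """Second-node role: let the joined domain controller decide."""
        return self.dc.authenticate(info)

    def find_by_table(self, info, control_table):
        """Control-table lookup: target domain -> domain entry -> node entry."""
        target = info.domain.lower()
        for node_name, domain in control_table.items():
            if domain.lower() == target and node_name != self.name:
                return self.cluster.get(node_name)
        return None

    def find_by_broadcast(self, info):
        """Broadcast: every other node checks its own joined domain."""
        for node in self.cluster.values():
            if node is not self and node.matches(info):
                return node
        return None

    def handle(self, info, control_table=None):
        """First-node role. Returns (result, name of the deciding node)."""
        if self.matches(info):
            return self.dc.authenticate(info), self.name
        second = (self.find_by_table(info, control_table)
                  if control_table is not None
                  else self.find_by_broadcast(info))
        if second is None:
            return False, None            # no node joined that domain: deny
        return second.relay(info), second.name


def demo_cluster():
    """Constructed two-domain cluster; all names and passwords are made up."""
    cluster = {}
    dc_a = DomainController("corp-a.example", {"alice": "a-secret"})
    dc_b = DomainController("corp-b.example", {"bob": "b-secret"})
    Node("node1", dc_a, cluster)
    Node("node2", dc_b, cluster)
    table = {"node1": "corp-a.example", "node2": "corp-b.example"}
    return cluster, table
```

The hop between the first and second node carries both the credentials and the verdict, so in a deployment that channel needs mutual authentication and encryption; the patent text does not specify how the nodes protect it.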
In the several embodiments provided in this application, it should be understood that the disclosed apparatuses and methods may be implemented in other ways. For example, the apparatus embodiments described above are merely illustrative: the division into units is only a division by logical function, and other divisions are possible in an actual implementation; for example, multiple units or components may be combined or integrated into another apparatus, or some features may be omitted or not executed. In addition, the mutual couplings, direct couplings or communication connections shown or discussed may be indirect couplings or communication connections through communication interfaces, apparatuses or units, and may be electrical, mechanical or of another form. Components shown as units may or may not be physical units; that is, they may be located in one place or distributed over multiple network units. Some or all of the units may be selected according to actual needs to achieve the objectives of the solution of this embodiment.
In addition, the functional units in the embodiments of the present invention may be integrated into one processing unit, each unit may exist physically on its own, or two or more units may be integrated into one unit.
If the functions are implemented as software functional units and sold or used as a standalone product, they may be stored in a computer-readable storage medium. On this understanding, the technical solution of the present invention in essence, or the part that contributes to the prior art, or a part of the technical solution, may be embodied as a software product. The computer software product is stored in a storage medium and includes a number of instructions that cause a computer device (which may be a personal computer, a server, a network device, or the like) to perform all or some of the steps of the methods described in the embodiments of the present invention. The storage medium includes any medium that can store program code, such as a USB flash drive, a removable hard disk, a read-only memory (ROM), a random access memory (RAM), a magnetic disk, or an optical disc.
The foregoing is merely specific embodiments of the present invention, but the protection scope of the present invention is not limited thereto. Any variation or replacement readily conceivable by a person skilled in the art within the technical scope disclosed by the present invention shall fall within the protection scope of the present invention. Therefore, the protection scope of the present invention shall be subject to the protection scope of the claims.

Claims

1. An authentication method across domain controllers, applied to a system having multiple domain controllers and multiple nodes, characterized in that the method comprises:
a first node obtains authentication information, the authentication information containing domain information of a target domain controller;
the first node determines whether the authentication information matches the domain information of the domain controller that this node has joined, and if it does not match:
a second domain controller that matches the authentication information performs authentication, and the authentication result is fed back to the first node through a second node;
wherein the second node is a node that has joined the second domain controller.
2. The method according to claim 1, characterized in that the second domain controller that matches the authentication information performing authentication, and the authentication result being fed back to the first node through the second node, comprises:
the first node forwards the authentication information to the second node, the second domain controller performs authentication, the second domain controller feeds back the authentication result to the second node, and the second node feeds back the authentication result to the first node.
3. The method according to claim 2, characterized in that forwarding the authentication information to the second node, with authentication performed by the second domain controller that the second node has joined, comprises:
searching a preset control table for the domain information of a domain controller that corresponds to the domain information of the target domain controller, wherein the preset control table contains: node information, and the domain information of the domain controller joined by the node to which the node information belongs;
finding, according to the domain information of the domain controller obtained by the search, matching node information in the preset control table, the matching node information being the second node information;
forwarding the authentication information to the second node, with authentication performed by the second domain controller that the second node has joined.
4. The method according to claim 1, characterized in that the second domain controller that matches the authentication information performing authentication, and the authentication result being fed back to the first node through the second node, comprises:
broadcasting the authentication information to all nodes in the cluster;
all nodes in the cluster determine whether the domain information of the domain controller they have joined matches the authentication information; if it does, that node is the second node, and the second node obtains the authentication result fed back by the domain controller it has joined and sends the result to the first node.
5. An authentication apparatus across domain controllers, characterized in that the apparatus comprises a first node, a second node and a second pre-controller:
the first node obtains authentication information, the authentication information containing domain information of a target domain controller;
the first node determines whether the authentication information matches the domain information of the domain controller that this node has joined, and if it does not match:
a second domain controller that matches the authentication information performs authentication, and the authentication result is fed back to the first node through the second node;
wherein the second node is a node that has joined the second domain controller.
6. The apparatus according to claim 5, characterized in that
the first node comprises a forwarding unit and a feedback unit;
the forwarding unit forwards the authentication information to the second node, the second domain controller performs authentication, the second domain controller feeds back the authentication result to the feedback unit, and the feedback unit feeds back the authentication result to the first node.
7. The apparatus according to claim 6, characterized in that
the forwarding unit comprises a first search module, a second search module and a sending module:
the first search module is configured to search a preset control table for the domain information of a domain controller that corresponds to the domain information of the target domain controller, and to transmit the domain information of the domain controller obtained by the search to the second search module, wherein the preset control table contains: node information, and the domain information of the domain controller joined by the node to which the node information belongs;
the second search module is configured to receive, from the first search module, the domain information of the domain controller obtained by the search, to find matching node information in the preset control table according to that domain information, the matching node information being the second node information, and to transmit the second node information to the sending module;
the sending module is configured to receive the second node information from the second search module and, according to the second node information, to forward the authentication information to the second node, with authentication performed by the second domain controller that the second node has joined.
8. The apparatus according to claim 5, characterized in that
the first node comprises a broadcast unit;
the broadcast unit is configured to broadcast the authentication information to all nodes in the cluster;
all nodes in the cluster determine whether the domain information of the domain controller they have joined matches the authentication information; if it does, that node is the second node, and the second node obtains the authentication result fed back by the domain controller it has joined and sends the result to the first node.
9. A host, characterized in that the host comprises a processor, a communications interface, a memory and a bus;
wherein the processor, the communications interface and the memory communicate with one another over the bus;
the communications interface is configured to obtain authentication information and transmit the authentication information to the processor;
the processor is configured to execute a program;
the memory is configured to store the program;
wherein the program is used to:
obtain authentication information, the authentication information containing domain information of a target domain controller;
determine whether the authentication information matches the domain information of the domain controller that this node has joined, and if it does not match:
a second domain controller that matches the authentication information performs authentication, and the authentication result is fed back to the first node through a second node;
wherein the second node is a node that has joined the second domain controller.
PCT/CN2013/075910 2012-10-31 2013-05-20 Cross-domain controller authentication method, apparatus, and host WO2014067284A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201210427606.4A CN103795530B (en) 2012-10-31 2012-10-31 A kind of method, device and the main frame of cross-domain controller certification
CN201210427606.4 2012-10-31

Publications (1)

Publication Number Publication Date
WO2014067284A1 true WO2014067284A1 (en) 2014-05-08

Family

ID=50626405

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2013/075910 WO2014067284A1 (en) 2012-10-31 2013-05-20 Cross-domain controller authentication method, apparatus, and host

Country Status (2)

Country Link
CN (1) CN103795530B (en)
WO (1) WO2014067284A1 (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US11146477B2 (en) * 2015-03-31 2021-10-12 Verizon Patent And Licensing Inc. Discovery and admission control of forwarding boxes in a software-defined network

Families Citing this family (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105634765A (en) * 2014-10-29 2016-06-01 中兴通讯股份有限公司 Controller replacement method and controller replacement device
CN104754047A (en) * 2015-03-26 2015-07-01 浪潮集团有限公司 Method for performing cross-platform unified management on users of cluster storage system
CN105099710A (en) * 2015-08-28 2015-11-25 中国航天科工集团第二研究院七〇六所 Cross-domain access control method for trusted radio frequency identification network
CN105657026A (en) * 2016-01-27 2016-06-08 浪潮电子信息产业股份有限公司 Method for realizing cross-domain working of NAS (Network Attached Storage) server
CN105933125B (en) * 2016-07-07 2019-08-09 北京邮电大学 South orientation safety certifying method and device in a kind of software defined network
CN108989270B (en) * 2017-06-02 2021-03-05 华为技术有限公司 Authentication method, device and system
CN112995097B (en) * 2019-12-13 2023-09-22 中兴通讯股份有限公司 Cross-domain access system, method and device

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101453476A (en) * 2009-01-06 2009-06-10 中国人民解放军信息工程大学 Cross domain authentication method and system
CN101595675A (en) * 2005-02-04 2009-12-02 思科技术公司 The method and system that is used for inter-subnet pre-authentication
CN101668292A (en) * 2009-10-23 2010-03-10 中国电信股份有限公司 WAPI roaming access authentication method, system and access site (AS) server thereof

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101471777B (en) * 2007-12-29 2011-08-31 中国科学院计算技术研究所 Access control system and method between domains based on domain name
CN101399671B (en) * 2008-11-18 2011-02-02 中国科学院软件研究所 Cross-domain authentication method and system thereof


Also Published As

Publication number Publication date
CN103795530B (en) 2017-11-03
CN103795530A (en) 2014-05-14


Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 13852157

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 13852157

Country of ref document: EP

Kind code of ref document: A1