| User unified identity authentication platform researches and develops identity authentication system for the enterprise, provides a integrated user unified identity authentication system. Unified identity authentication system based on directory service introduces LDAP protocol and uses distributed characteristic of directory service, organizes users'information and network resources in a logic tree, which distributed over all application systems. That simplifies communication between authentication center and application systems, and reduces the system's difficulty to realize. Compared with distributed network system centered on database, this method of realizing is extendable and the management to centralize, flexible, and simplified achievement. This system is based on three-side identical Kerberos authentication protocol. A method integrating authentication mechanism named Kerberos with LDAP protocol is proposed. The paper mainly completed the design of authentication server, realized user unified authentication and authorization by AS and TGS. Adopting the conception of "Ticket", the system achieves one-time grant mechanism and makes it easy for users and managements. The system supports the mutual authentication, and greatly improves the coefficient of security. At the same time, it needs one-time identity authentication adopted single sign-on and acquires all authorized service by the transparent logon. The system centralizes the loose users by single sign-on technology, automates the user logon of the application service, decreases the users'waiting time.
|
PDF Full Text Request