The Realization Of Single Logging On Based On Directory Service

Posted on: 2006-10-07
Degree: Master
Type: Thesis
Country: China
Candidate: X L Ding
Full Text: PDF
GTID: 2178360185989485
Subject: Computer application technology
Abstract/Summary:
A computer security system requires flexibility, stability and self-controllability. Focusing on flexibility and self-controllability, and drawing on directory service theory, this paper develops an identity authentication system for enterprises by integrating the Kerberos authentication mechanism with the LDAP protocol. Kerberos can be applied to the design of a certificate authority architecture and to the implementation of unified authentication and authorization, which significantly improves the security of the identity authentication system.

The unified identity authentication system based on directory service introduces the LDAP protocol and uses the distributed nature of the directory service: it organizes users' information and network resources in a logical tree that is distributed across all application systems. This simplifies communication between the authentication center and the application systems and makes the system easier to implement. Compared with a distributed network system centered on a database, this approach is extensible, centralizes management, is flexible, and is simpler to implement.

The system is based on the three-party Kerberos authentication protocol. A method of integrating the Kerberos authentication mechanism with the LDAP protocol is proposed. The paper mainly completes the design of the authentication server and realizes unified user authentication and authorization through the AS and TGS. The system supports mutual authentication and greatly improves the level of security. At the same time, by adopting single sign-on, a user needs to authenticate only once and then obtains all authorized services through transparent logon. Using single sign-on technology, the system centralizes scattered users, automates user logon to application services, and reduces users' waiting time.
Keywords/Search Tags:identity authentication, directory service, LDAP, Kerberos