Research And Implementation Of Unified Identity Authentication And Authorization Management System Based On Kerberos And LDAP Protocol

With the advancement of informatization construction process in China, all kinds of application information systems of enterprises are developped rapidly.However, each application system has its own independent identity authentication mechanism, and is maintaining its own users’data respectively.It makes the identity authentication module fragmented and user management scattered.It shows the urgent need to establish unified identity authentication and authorization management system to integrate existing application systems and achieve unified authentication and user management.This paper takes the unified identity authentication and authorization management system as the research object, researches the related protocol and technology in-depth.The following results are obtained:(1) This paper researches Kerberos protocol which is one of the identity authentication technology, and proposes the identity authentication model which is improved based on Kerberos protocol.This model not only provides the authoritative user information for the system but also integrates independent authentication of application systems effectively.It results in the establishment of an independent authentication mechanism with high security and reliability and improves the security of information interaction among entities.(2) This paper researches the LDAP protocol which is one of the directory service technology, and puts forward improved scheme of application that is combining LDAP and identity authentication model which is improved based on Kerberos protocol.It improves the performance of the authentication operation and management work.(3) This paper researches data synchronization scheme, and proposes LDAP data synchronization scheme which realizes the function of trigger based on the analysis of LDAP log.It can synchronize real-time data among entitites, and improves the consistency and integrality of data.This paper proposes that designs and implements unified identity authentication and authorization management system based on Kerberos and LDAP protocol. It solves the problems of current application system construction, and integrates application systems effectively.The system realizes the unity of the centralized user management and authentication and increases the work efficiency, improves the safety and reliability of identity authentication and authorization.It has some practical value.