-
Publication (announcement) number: DE69613948D1
Publication (announcement) date: 2001-08-23
Application number: DE69613948
Application date: 1996-11-13
Applicant: IBM
Inventor: KELLS TIMOTHY ROGER, PEEBLES THOMAS FRANK
Abstract: LAN server machines are configured to utilize their existing mechanisms to pass generic security subsystem (GSS) distributed computing environment (DCE) credentials. The server management block (SMB) protocol is extended to facilitate exchange of such credentials wherein the server utilizes the GSS API interface to obtain and validate such credentials. The GSS interface provides tokens which encapsulate all necessary information to perform mutual authentication between the client and server. A new protocol level is defined with respect to such SMB protocol extensions which includes a new protocol name exchanged in the negotiate protocol (NP) SMB. Pre-existing LAN servers will turn on a bit in the SMB_Secmode field in the NP response indicating that the server supports exchange of secpkgX SMB. The server will then wait for an SMB secpkgX or SMB sesssetupX response. The former response will permit the user/client and server to exchange GSS tokens utilizing a conventional LAN server mechanism and to thereby mutually authenticate.
-
Publication (announcement) number: DE69613948T2
Publication (announcement) date: 2002-01-24
Application number: DE69613948
Application date: 1996-11-13
Applicant: IBM
Inventor: KELLS TIMOTHY ROGER, PEEBLES THOMAS FRANK
Abstract: LAN server machines are configured to utilize their existing mechanisms to pass generic security subsystem (GSS) distributed computing environment (DCE) credentials. The server management block (SMB) protocol is extended to facilitate exchange of such credentials wherein the server utilizes the GSS API interface to obtain and validate such credentials. The GSS interface provides tokens which encapsulate all necessary information to perform mutual authentication between the client and server. A new protocol level is defined with respect to such SMB protocol extensions which includes a new protocol name exchanged in the negotiate protocol (NP) SMB. Pre-existing LAN servers will turn on a bit in the SMB_Secmode field in the NP response indicating that the server supports exchange of secpkgX SMB. The server will then wait for an SMB secpkgX or SMB sesssetupX response. The former response will permit the user/client and server to exchange GSS tokens utilizing a conventional LAN server mechanism and to thereby mutually authenticate.
-
Publication (announcement) number: DE69610168D1
Publication (announcement) date: 2000-10-12
Application number: DE69610168
Application date: 1996-05-24
Applicant: IBM
Inventor: KELLS TIMOTHY ROGER, SIGLER WAYNE DUBE
Abstract: A system wide sign-on capability in a distributed computing environment (DCE) is provided. Acquired distributed computing environment credentials are usable by any process/window on a desktop. DCE logon application programming interfaces create and recognize the presence of a credentials cache capable of being used by DCE processes in the system. System wide logon occurs whenever the logon API is invoked with the environment variable set. This API is called as a result of the system logon option having been selected. The API updates a global variable with the name of the credentials cache. A process variable is set to the global value by initialization logic for all subsequently invoked applications. As a result, any calls made by these applications will acquire the credentials identified by the variable.