CN110971566A - Account unified management method, system and computer readable storage medium - Google Patents
Account unified management method, system and computer readable storage medium Download PDFInfo
- Publication number
- CN110971566A CN110971566A CN201811146157.XA CN201811146157A CN110971566A CN 110971566 A CN110971566 A CN 110971566A CN 201811146157 A CN201811146157 A CN 201811146157A CN 110971566 A CN110971566 A CN 110971566A
- Authority
- CN
- China
- Prior art keywords
- authentication
- information
- server
- user
- request
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000007726 management method Methods 0.000 title claims abstract description 42
- 238000012795 verification Methods 0.000 claims description 49
- 238000000034 method Methods 0.000 claims description 15
- 238000004590 computer program Methods 0.000 claims description 4
- 238000012986 modification Methods 0.000 description 6
- 230000004048 modification Effects 0.000 description 6
- 238000012423 maintenance Methods 0.000 description 4
- 238000013475 authorization Methods 0.000 description 2
- 238000012360 testing method Methods 0.000 description 2
- 239000000470 constituent Substances 0.000 description 1
- 238000013461 design Methods 0.000 description 1
- 238000010586 diagram Methods 0.000 description 1
- 230000000694 effects Effects 0.000 description 1
- 230000003068 static effect Effects 0.000 description 1
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/083—Network architectures or network communication protocols for network security for authentication of entities using passwords
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0815—Network architectures or network communication protocols for network security for authentication of entities providing single-sign-on or federations
Landscapes
- Engineering & Computer Science (AREA)
- Computer Hardware Design (AREA)
- Computer Security & Cryptography (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Storage Device Security (AREA)
Abstract
The invention provides an account unified management method, which comprises the following steps: acquiring an authentication request, wherein the authentication request comprises authentication information; generating an authentication strategy according to the authentication request; performing AD authentication on the authentication request according to the authentication strategy; and returning an authentication result. The invention manages the account number of the user in the domain in a centralized way through the domain server, the account number information is stored in the domain server, the domain server comprises a database which is composed of the account number and the password of the domain, the computer and other information belonging to the domain, through accessing AD, enterprises can realize the unified identity management of a mailbox system, an office system, a management system and other multi-application systems, and the user can log in all the systems only by using the domain account number name and the password, thereby improving the working efficiency.
Description
Technical Field
The present invention relates to the field of information technology, and in particular, to a method, a system, and a computer-readable storage medium for unified account management.
Background
With continuous deepening of informatization, the IT environment of an enterprise becomes more and more complex, business system users need to complete business work on different systems in order to access information and complete corresponding work, on one hand, the enterprise needs to perform unified dynamic management on users and authorities without business systems, and on the other hand, the enterprise also needs to implement a unified security policy on all systems.
There are a large number of business systems in the information system, which belong to different departments and different applications, respectively. Each system is provided with a set of independent account, authentication, authorization and auditing system, and when the staff uses different service systems, the staff needs to access different addresses and remember complex passwords of a plurality of service systems; when maintenance personnel maintain multiple systems simultaneously, the complexity of the work is multiplied.
All the systems respectively manage the affiliated system resources, lack a centralized and unified resource authorization management platform and cannot strictly distribute the authority according to the minimum authority principle. In addition, as the number of users increases, the authority management task is heavier and heavier, and the security of the system cannot be fully guaranteed.
Users often need to switch among various information systems, and each time when one system is switched to another system, the users need to input user names and passwords for logging in, which brings inconvenience to the work of the users and affects the work efficiency. The user can use a simpler password or the same password for easy memorization, and the security of the system is damaged.
Disclosure of Invention
In view of the above-mentioned shortcomings of the prior art, the present invention is directed to a method, a system and a computer-readable storage medium for managing accounts uniformly, which solve the problem of the prior art that the accounts cannot be managed uniformly.
In order to achieve the above and other related objects, the present invention provides a method for unified account management, including:
acquiring an authentication request, wherein the authentication request comprises authentication information;
generating an authentication strategy according to the authentication request;
performing AD authentication on the authentication request according to the authentication strategy;
and returning an authentication result.
Optionally, the method further includes issuing relevant authentication prompt information after authenticating the authentication request.
Optionally, performing AD authentication on the authentication request specifically includes:
acquiring authentication information in the authentication request by analyzing the authentication request, and comparing the authentication information with authentication information in a pre-stored user list to judge whether the user is a legal user; if the matching is consistent, the user is a legal user; otherwise, the user is an illegal user.
Optionally, the method further comprises:
after the authentication is successful, sending authentication passing information;
generating a verification request corresponding to the authentication information;
generating first verification information according to the verification request and sending the first verification information to a terminal corresponding to authentication information;
and receiving input second verification information, and logging in a corresponding client if the first verification information is the same as the second verification information.
Optionally, the account unified management method includes the following steps:
creating OpenVPN authenticated users and groups on an AD server;
installing an AD authentication plug-in on the OpenVPN server;
modifying the configuration file of the AD authentication plug-in and adding the content authenticated by the AD server;
and modifying the OpenVPN configuration file and enabling an AD authentication option.
To achieve the above and other related objects, the present invention further provides an account unified management system, which includes an AD server and an OpenVPN server,
the OpenVPN server is used for receiving an authentication request of a client and sending the authentication request to the AD server for authentication; the authentication request includes authentication information;
and the AD server is used for obtaining an authentication strategy according to the authentication request, performing AD authentication on the authentication request according to the authentication strategy and returning an authentication result to the OpenVPN server.
Optionally, the AD server further includes an issuing unit, configured to issue relevant authentication prompt information after authenticating the authentication request.
Optionally, performing AD authentication on the authentication request specifically includes:
acquiring authentication information in the authentication request by analyzing the authentication request, and comparing the authentication information with authentication information in a pre-stored user list to judge whether the user is a legal user; if the matching is consistent, the user is a legal user; otherwise, the user is an illegal user.
Optionally, the AD server is further configured to send AD authentication passing information to the OpenVPN server;
the OpenVPN server is further used for generating a verification request corresponding to the authentication information when AD authentication passing information sent by the AD server is received; the OpenVPN server generates first verification information according to the verification request and sends the first verification information to a terminal corresponding to the authentication information;
the OpenVPN server is further configured to receive second authentication information input by a user, compare the first authentication information with the second authentication information, and log in a corresponding client if the first authentication information is the same as the second authentication information.
To achieve the above and other related objects, the present invention further provides a computer-readable storage medium storing a computer program, wherein the computer program is executed by a processor to perform the management method.
As described above, the account unified management method, system and readable storage medium of the present invention have the following advantages:
the invention realizes the unified management of the account by using a unified AD authentication mode, greatly improves the working efficiency, enhances the overall safety of the system, is convenient for a system administrator to implement more effective management and reduces the burden during maintenance.
Drawings
FIG. 1 is a flow chart of one embodiment of a unified account management method;
FIG. 2 is a flow chart of another embodiment of a method for unified account management;
fig. 3 is a flowchart of a method of configuring an AD server and an OpenVPN server;
fig. 4 is a schematic block diagram of an account unified management system.
Detailed Description
The embodiments of the present invention are described below with reference to specific embodiments, and other advantages and effects of the present invention will be easily understood by those skilled in the art from the disclosure of the present specification. The invention is capable of other and different embodiments and of being practiced or of being carried out in various ways, and its several details are capable of modification in various respects, all without departing from the spirit and scope of the present invention. It is to be noted that the features in the following embodiments and examples may be combined with each other without conflict.
Note that in corresponding figures of embodiments, where signals are represented by lines, some lines are thicker, to indicate more constituent signal paths and/or one or more ends of some lines have arrows, to indicate primary information flow direction, such designations are not intended to be limiting, and indeed, where such lines are used in connection with one or more example embodiments to facilitate easier connection of circuits or logic elements, any represented signal (as determined by design requirements or preferences) may actually comprise one or more signals that may be communicated in either direction and may be implemented in any suitable type of signal scheme.
Unless otherwise specified the use of the ordinal adjectives "first", "second", etc., to describe a common object, merely indicate that different instances of like objects are being referred to, and are not intended to imply that the objects so described must be in a given sequence, either temporally, spatially, in ranking, or in any other manner.
Reference in the specification to "an embodiment," "one embodiment," "some embodiments," or "other embodiments" means that a particular feature, structure, or characteristic described in connection with the embodiments is included in at least some embodiments, but not necessarily all embodiments. The various appearances of "an embodiment," "one embodiment," or "some embodiments" are not necessarily all referring to the same embodiments. If the specification states a component, feature, structure, or characteristic "may", "might", or "could" be included, that particular component, feature, structure, or characteristic is not necessarily included. If the specification or claim refers to "a" or "an" element, that does not mean there is only one of the element. If the specification or claim refers to "a further" element, that does not preclude there being more than one of the further element.
While the present invention has been described in conjunction with specific embodiments thereof, many alternatives, modifications, and variations of these embodiments will be apparent to those of ordinary skill in the art in light of the foregoing description. For example, other memory structures (e.g., dynamic ram (dram)) may use the discussed embodiments. The embodiments of the invention are intended to embrace all such alternatives, modifications and variances that fall within the broad scope of the appended claims.
Example one
As shown in fig. 1, an account unified management method includes:
s11, obtaining an authentication request, wherein the authentication request comprises authentication information.
In this embodiment, the authentication information may be a user name and a password of the user.
And S12, generating an authentication strategy according to the authentication request.
In this embodiment, the authentication policy refers to an authentication manner obtained by combining authentication manners through logical relations such as and/or not. The administrator can add, delete or combine the authentication modes according to the authentication strategy so as to meet various authentication requirements. For example, a group of users share one account, and the users access the system through a username and a password, the authentication policy may be expressed as: username/password.
Or, a group of users share one user, and the user accesses the system through the user password, and the access must be limited to a certain IP address field, then the authentication policy may be expressed as: username/password "with" IP address authentication.
And S13, performing AD authentication on the authentication request according to the authentication strategy.
The greatest advantage of the AD (Active Directory) authentication is that centralized management is achieved. The existing AD users are integrated to the unified identity management center, the user login only needs to be carried out by verifying the users to the unified identity management center, and the identity management center is directly connected to the AD server to verify corresponding user information.
Previously, the setting is repeated for a plurality of times on a myriad of clients, and only one setting is made on the domain controller. The workload of the administrator is reduced, the total cost of ownership is reduced, and the administrator is facilitated.
Through AD authentication, as long as a user verifies the identity during login, all the access-allowed resources in the domain forest can be directly accessed without identity verification, so that the efficiency is improved, and the maintenance cost is reduced.
In this embodiment, the authentication type is AD authentication, and it is needless to say that one of database authentication, NIS authentication, LDPA authentication, and the like may be selected in addition to AD authentication.
The NIS (Network Information Service) is NIS authentication, which is a Directory Service technology (Directory Service) and is used for centrally controlling Network supplies of a plurality of system management databases, simplifies the management work of UNIX and LINUX desktop clients, and the clients can use the management files of a central server by using the NIS authentication Service.
LDAP (Lightweight Directory Access Protocol) is LDAP authentication, a fast way to get centralized, static data about people or resources, and a Protocol for distributing Directory information to many different resources, which is usually used as a centralized address book.
Of course, each of the above identified servers and attributes may be configured in a configuration file.
And S14, returning an authentication result. The authentication result comprises authentication failure and authentication success.
And authenticating the authentication request, acquiring information such as a user name, a password and the like of the client by analyzing the authentication request, and comparing the information with the user name and the password in a pre-stored user list to judge whether the client is a legal user. If the matching result is consistent, the client is a legal user; otherwise, the client is an illegal user.
In this embodiment, after the identity authentication is performed on the client, the relevant authentication prompt information is directly issued to the client, so that corresponding operations are performed according to the relevant authentication prompt information. In this embodiment, of course, the returned authentication result does not limit whether the authentication is successful, and the relevant authentication prompt information may be issued to the client as long as the identity of the client is authenticated. After the authentication fails, the related authentication prompt message may further include authentication failure reason information, for example: wrong password and wrong account number.
As shown in fig. 2, the method for unified account management further includes:
step 131, when the authentication result is that the authentication is successful, sending authentication passing information;
when the user identity is verified as a legal user, the AD authentication is passed, and a verification information input interface is displayed at the moment;
step 132, generating a verification request corresponding to the authentication information, wherein the authentication information comprises a user name;
and step 133, generating first verification information according to the verification request and sending the first verification information to the terminal corresponding to the authentication information.
The terminal here is a device capable of receiving the first verification information, and may be a mobile phone, and the user of the mobile phone account is associated with the user name in the authentication information, that is, the user may search for the mobile phone account through the user name, or may directly use the mobile phone account as the user name. The first verification information can be received in a mail mode besides the first verification information is received by using a mobile phone; if the first verification information is received by adopting a mail mode, the terminal can be the client. The verification information may be a verification code.
And 134, receiving the input second verification information, and logging in a corresponding client if the first verification information is the same as the second verification information. In this step, second authentication information is input through the authentication information input interface.
The invention manages the account and authority of the user in the domain through the domain server in a centralized way, the account information is stored in the domain server, the domain server comprises a database which is composed of the account, the password of the domain, the computer and the like belonging to the domain, through accessing AD, the enterprise can realize the unified identity management of a mailbox system, an office system, a management system and other multi-application systems, and the user can log in all the systems only by using the domain account name and the password, thereby improving the working efficiency.
In this embodiment, before using the AD server and the OpenVPN server, the AD server and the OpenVPN server need to be configured, so as shown in fig. 3, the method for unified account management further includes:
step 21, creating users and groups authenticated by OpenVPN on the AD server;
and step 22, installing an AD authentication plug-in on the OpenVPN server, wherein the AD authentication plug-in can be OpenVPN-auth-ldap.
Step 23, modifying the configuration file of the AD authentication plug-in and adding the content authenticated by the AD server;
and step 24, modifying the OpenVPN configuration file and enabling the AD authentication option.
And after the configuration/modification is completed, restarting the OpenVPN server, and testing the connection of the client.
In this embodiment, during the configuration process, special attention needs to be paid to the time synchronization between the AD server and the OpenVPN server.
Example two
As shown in fig. 4, the present invention provides an account unified management system, which includes an AD server and an OpenVPN server.
OpenVPN is a free source software used to create Virtual Private Network (Virtual Private Network) encrypted channels. By using OpenVPN, a special network channel similar to a local area network can be conveniently built among different network access places such as families, office places, lodging hotels and the like. An OpenVPN server refers to a server in which an OpenVPN software year is installed.
AD is the Active Directory service (Active Directory) oriented by Microsoft corporation to Windows Server. The active directory service is used for hierarchically storing network objects needing to be managed, such as user accounts, printers, domains, application programs and the like, so that an administrator can conveniently and quickly search and use related information, and a server providing the active directory service is called an AD server.
The OpenVPN server is used for receiving authentication information and an authentication request of a client 1 and sending the authentication information and the authentication request to the AD server for authentication, wherein the authentication information comprises a user account and a user password;
and the AD server 3 is configured to obtain an authentication policy according to the authentication request information and the authentication request, perform AD authentication on the authentication request according to the authentication policy, and return an authentication result to the OpenVPN server 2. The authentication result comprises authentication failure and authentication success.
The greatest advantage of the AD authentication is that centralized management is achieved. The existing AD users are integrated to the unified identity management center, the user login only needs to be carried out by verifying the users to the unified identity management center, and the identity management center is directly connected to the AD server to verify corresponding user information.
Previously, the setting is repeated for a plurality of times on a myriad of clients, and only one setting is made on the domain controller. The workload of the administrator is reduced, the total cost of ownership is reduced, and the administrator is facilitated.
Through AD authentication, as long as a user verifies the identity during login, all the access-allowed resources in the domain forest can be directly accessed without identity verification, so that the efficiency is improved, and the maintenance cost is reduced.
In this embodiment, the authentication request is authenticated, and the authentication request may be analyzed to obtain information such as a user name and a password of the client, and the information is compared with the user name and the password in the pre-stored user list to determine whether the client is a valid user. If the matching result is consistent, the client is a legal user; otherwise, the client is an illegal user.
In this embodiment, after the identity authentication is performed on the client, the relevant authentication prompt information is directly issued to the client, so as to perform corresponding operations according to the relevant authentication prompt information. In this embodiment, of course, the returned authentication result is not limited to whether the authentication is successful, and the relevant authentication prompt information may be issued to the client as long as the identity of the client is authenticated. After the authentication fails, the related authentication prompt message may further include authentication failure reason information, for example: wrong password and wrong account number.
In this embodiment, the AD server is further configured to send AD authentication passing information to the OpenVPN server.
And when the user identity is verified as a legal user, the AD authentication is passed, and a verification information input interface is displayed at the moment.
The OpenVPN server is further used for generating a verification request corresponding to the authentication information when AD authentication passing information sent by the AD server is received; and the OpenVPN server generates first verification information according to the verification request and sends the first verification information to a terminal corresponding to the authentication information. The authentication information here includes a user name.
The terminal here is a device capable of receiving the first verification information, and may be a mobile phone, and the user of the mobile phone account is associated with the user name in the authentication information, that is, the user may search for the mobile phone account through the user name, or may directly use the mobile phone account as the user name. The first verification information can be received in a mail mode besides the first verification information is received by using a mobile phone; if the first verification information is received by adopting a mail mode, the terminal can be the client. The verification information may be a verification code.
The OpenVPN server is further configured to receive second authentication information input by a user, compare the first authentication information with the second authentication information, and log in a corresponding client if the first authentication information is the same as the second authentication information. In this step, second authentication information is input through the authentication information input interface.
The invention manages the account and authority of the user in the domain through the domain server in a centralized way, the account information is stored in the domain server, the domain server comprises a database which is composed of the account, the password of the domain, the computer and the like belonging to the domain, through accessing AD, the enterprise can realize the unified identity management of a mailbox system, an office system, a management system and other multi-application systems, and the user can log in all the systems only by using the domain account name and the password, thereby improving the working efficiency.
In this embodiment, the system for unified management of accounts further includes:
a creating unit configured to create OpenVPN authenticated users and groups on an AD server; the creating unit is further used for installing an AD authentication plug-in on the OpenVPN server; the AD authentication plug-in can be openvpn-auth-ldap.
A configuration unit for modifying the configuration file of the AD authentication plug-in and adding the content authenticated by the AD server; the configuration unit is further configured to modify the OpenVPN configuration file and enable the AD authentication option.
And after the configuration/modification is completed, restarting the OpenVPN server, and testing the connection of the client.
It is particularly noted that the account unified management system further comprises a time synchronization unit for synchronizing the time of the AD server and the OpenVPN server.
The foregoing embodiments are merely illustrative of the principles and utilities of the present invention and are not intended to limit the invention. Any person skilled in the art can modify or change the above-mentioned embodiments without departing from the spirit and scope of the present invention. Accordingly, it is intended that all equivalent modifications or changes which can be made by those skilled in the art without departing from the spirit and technical spirit of the present invention be covered by the claims of the present invention.
Claims (10)
1. An account unified management method is characterized by comprising the following steps:
acquiring an authentication request, wherein the authentication request comprises authentication information;
generating an authentication strategy according to the authentication request;
performing AD authentication on the authentication request according to the authentication strategy;
and returning an authentication result.
2. The method as claimed in claim 1, further comprising issuing related authentication prompt information after authenticating the authentication request.
3. The method for unified account management according to claim 1, wherein specifically performing AD authentication on the authentication request includes:
acquiring authentication information in the authentication request by analyzing the authentication request, and comparing the authentication information with authentication information in a pre-stored user list to judge whether the user is a legal user; if the matching is consistent, the user is a legal user; otherwise, the user is an illegal user.
4. The method for unified account management according to claim 1, further comprising:
if the authentication is successful, sending authentication passing information;
generating a verification request corresponding to the authentication information;
generating first verification information according to the verification request and sending the first verification information to a terminal corresponding to authentication information;
and receiving input second verification information, and logging in a corresponding client if the first verification information is the same as the second verification information.
5. The method for unified account management according to claim 1, wherein the method for unified account management comprises the steps of:
creating OpenVPN authenticated users and groups on an AD server;
installing an AD authentication plug-in on the OpenVPN server;
modifying the configuration file of the AD authentication plug-in and adding the content authenticated by the AD server;
and modifying the OpenVPN configuration file and enabling an AD authentication option.
6. An account unified management system is characterized by comprising an AD server and an OpenVPN server;
the OpenVPN server is used for receiving an authentication request of a client and sending the authentication request to the AD server for authentication; the authentication request includes authentication information;
and the AD server is used for obtaining an authentication strategy according to the authentication request, performing AD authentication on the authentication request according to the authentication strategy, and returning an authentication result to the OpenVPN server.
7. The system as claimed in claim 6, wherein the AD server further comprises an issuing unit for issuing the related authentication prompt message after authenticating the authentication request.
8. The system according to claim 6, wherein the AD server AD-authenticates the authentication request specifically includes:
acquiring authentication information in the authentication request by analyzing the authentication request, and comparing the authentication information with authentication information in a pre-stored user list to judge whether the user is a legal user; if the matching is consistent, the user is a legal user; otherwise, the user is an illegal user.
9. An account unified management system according to claim 6,
the AD server is also used for sending AD authentication passing information to the OpenVPN server;
the OpenVPN server is further used for generating a verification request corresponding to the authentication information when AD authentication passing information sent by the AD server is received; the OpenVPN server generates first verification information according to the verification request and sends the first verification information to a terminal corresponding to the authentication information;
the OpenVPN server is further used for receiving second authentication information input by a user, comparing the first authentication information with the second authentication information, and logging in a corresponding client if the first authentication information is the same as the second authentication information.
10. A computer-readable storage medium storing a computer program, wherein the computer program, when executed by a processor, performs a management method according to any one of claims 1 to 5.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201811146157.XA CN110971566A (en) | 2018-09-29 | 2018-09-29 | Account unified management method, system and computer readable storage medium |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201811146157.XA CN110971566A (en) | 2018-09-29 | 2018-09-29 | Account unified management method, system and computer readable storage medium |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN110971566A true CN110971566A (en) | 2020-04-07 |
Family
ID=70027142
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201811146157.XA Pending CN110971566A (en) | 2018-09-29 | 2018-09-29 | Account unified management method, system and computer readable storage medium |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN110971566A (en) |
Cited By (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN111881443A (en) * | 2020-06-16 | 2020-11-03 | 苏州浪潮智能科技有限公司 | Multi-user authentication method and system based on AI training management platform |
| CN113497806A (en) * | 2021-07-05 | 2021-10-12 | 国铁吉讯科技有限公司 | Remote login method, device and storage medium |
| CN113507375A (en) * | 2021-07-05 | 2021-10-15 | 国铁吉讯科技有限公司 | Remote login method and device based on time series password and storage medium |
| CN113515330A (en) * | 2020-04-10 | 2021-10-19 | 南方电网科学研究院有限责任公司 | Cloud desktop security authentication method and system based on domestic password technology |
| CN113783828A (en) * | 2020-11-25 | 2021-12-10 | 北京沃东天骏信息技术有限公司 | Business system monitoring method and device |
| CN114363165A (en) * | 2022-01-06 | 2022-04-15 | 中国工商银行股份有限公司 | Configuration method of electronic equipment, electronic equipment and server |
Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102857501A (en) * | 2012-08-28 | 2013-01-02 | 曙光信息产业(北京)有限公司 | User identity authentication system and authentication method thereof |
| CN106331003A (en) * | 2015-06-23 | 2017-01-11 | 中国移动通信集团重庆有限公司 | A method and device for accessing an application portal system on a cloud desktop |
| CN106534219A (en) * | 2016-12-31 | 2017-03-22 | 中国移动通信集团江苏有限公司 | Security authentication method and device for desktop cloud portal |
-
2018
- 2018-09-29 CN CN201811146157.XA patent/CN110971566A/en active Pending
Patent Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102857501A (en) * | 2012-08-28 | 2013-01-02 | 曙光信息产业(北京)有限公司 | User identity authentication system and authentication method thereof |
| CN106331003A (en) * | 2015-06-23 | 2017-01-11 | 中国移动通信集团重庆有限公司 | A method and device for accessing an application portal system on a cloud desktop |
| CN106534219A (en) * | 2016-12-31 | 2017-03-22 | 中国移动通信集团江苏有限公司 | Security authentication method and device for desktop cloud portal |
Non-Patent Citations (3)
| Title |
|---|
| HISOKA: "OpenVPN使用OpenLDAP来做登录鉴权", 《HTTPS:// HISOKA0917.GITHUB.IO/LINUX/2017/12/25/OPENVPN-WITH-OPENLDAP/》 * |
| HOCCBOY: "openvpn部署之部署基于AD域认证", 《HTTPS://BLOG.51CTO.COM/HOCCBOY/1718094》 * |
| 高文龙: "Centos7+Openvpn使用Windows AD验证登陆", 《 HTTPS://BLOG.51CTO.COM/GAOWENLONG/1887083》 * |
Cited By (11)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN113515330A (en) * | 2020-04-10 | 2021-10-19 | 南方电网科学研究院有限责任公司 | Cloud desktop security authentication method and system based on domestic password technology |
| CN113515330B (en) * | 2020-04-10 | 2024-04-26 | 南方电网科学研究院有限责任公司 | Cloud desktop security authentication method and system based on domestic cryptographic technology |
| CN111881443A (en) * | 2020-06-16 | 2020-11-03 | 苏州浪潮智能科技有限公司 | Multi-user authentication method and system based on AI training management platform |
| CN113783828A (en) * | 2020-11-25 | 2021-12-10 | 北京沃东天骏信息技术有限公司 | Business system monitoring method and device |
| CN113783828B (en) * | 2020-11-25 | 2023-09-05 | 北京沃东天骏信息技术有限公司 | Service system monitoring method and device |
| CN113497806A (en) * | 2021-07-05 | 2021-10-12 | 国铁吉讯科技有限公司 | Remote login method, device and storage medium |
| CN113507375A (en) * | 2021-07-05 | 2021-10-15 | 国铁吉讯科技有限公司 | Remote login method and device based on time series password and storage medium |
| CN113497806B (en) * | 2021-07-05 | 2023-07-04 | 国铁吉讯科技有限公司 | Remote login method, device and storage medium |
| CN113507375B (en) * | 2021-07-05 | 2024-03-01 | 国铁吉讯科技有限公司 | Remote login method and device based on time sequence password and storage medium |
| CN114363165A (en) * | 2022-01-06 | 2022-04-15 | 中国工商银行股份有限公司 | Configuration method of electronic equipment, electronic equipment and server |
| CN114363165B (en) * | 2022-01-06 | 2024-01-30 | 中国工商银行股份有限公司 | Configuration method of electronic equipment, electronic equipment and server |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US12095752B2 (en) | System for managing remote software applications | |
| JP6754809B2 (en) | Use credentials stored in different directories to access a common endpoint | |
| CN110971566A (en) | Account unified management method, system and computer readable storage medium | |
| US9942224B2 (en) | Management and authentication in hosted directory service | |
| KR100389160B1 (en) | Method and apparatus to permit automated server determination for foreign system login | |
| RU2598324C2 (en) | Means of controlling access to online service using conventional catalogue features | |
| JP5787640B2 (en) | Authentication system, authentication method and program | |
| JP5375976B2 (en) | Authentication method, authentication system, and authentication program | |
| CN109474632B (en) | Method, apparatus, system, and medium for authenticating and managing rights of user | |
| CN106411857B (en) | A kind of private clound GIS service access control method based on virtual isolation mech isolation test | |
| US10148637B2 (en) | Secure authentication to provide mobile access to shared network resources | |
| US20040103203A1 (en) | Methods and systems for sharing a network resource with a user without current access | |
| US10911299B2 (en) | Multiuser device staging | |
| JP2017529629A (en) | Managing application access to directories with a hosted directory service | |
| US10178103B2 (en) | System and method for accessing a service | |
| CN110636057B (en) | Application access method and device and computer readable storage medium | |
| CN101741558A (en) | Method for realizing uniform identity authentication | |
| US11706209B2 (en) | Method and apparatus for securely managing computer process access to network resources through delegated system credentials | |
| CN113452711A (en) | Single sign-on method of cloud desktop and network equipment | |
| CN110691089B (en) | Authentication method applied to cloud service, computer equipment and storage medium | |
| MXPA04007410A (en) | Moving principals across security boundaries without service interruption. | |
| US20220394040A1 (en) | Managing user identities in a managed multi-tenant service | |
| US20170250978A1 (en) | Method and system for managing secure custom domains | |
| CN109861982A (en) | A kind of implementation method and device of authentication | |
| US11411813B2 (en) | Single user device staging |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| WD01 | Invention patent application deemed withdrawn after publication |
Application publication date: 20200407 |
|
| WD01 | Invention patent application deemed withdrawn after publication |