Title of invention: Server pool kerberos authentication scheme
Abstract: The present disclosure relates to authenticating a client against a pool of servers utilizing a secure authentication protocol, and, more specifically, to authenticating a client against a pool of servers providing a common service, utilizing the Kerberos secure authentication protocol.
Publication number: US9602275(B2) Publication date: 2017.03.21
Application number: US200310696443 Filing date: 2003.10.28
Applicant: Intel Corporation Inventor: Grobman Steven L.
Classification: G06Q20/00;H04L9/08;H04L29/06;G06F21/33;G06Q20/38;H04L9/32 Main classification: G06Q20/00
Agency: Schwabe, Williamson & Wyatt, P.C. Agent: Schwabe, Williamson & Wyatt, P.C.
Independent claim: 1. A method of generating a Service Ticket for a requested network service, comprising: receiving, by a granting computing device, the granting computing device being different and distinct from a client computing device, a request for a Service Ticket for a requested network service from the client computing device; in response to receiving the request for the Service Ticket from the client computing device, querying, by the granting computing device, a database that indicates which of one or more servers provides the requested network service; determining, by the granting computing device based on the querying, that the requested network service is provided by a server pool comprising a plurality of servers, the plurality servers being to allow access by the client computing device to the requested network service only when presented with the Service Ticket and only when the Service Ticket includes a session key; generating, by the granting computing device, the session key, to facilitate access of the requested network service by the client computing device to the plurality of servers; for each respective server of the plurality of servers of the server pool, encrypting, by the granting computing device, a copy of the session key with a respective secret key associated with a respective one of the plurality of the servers of the server pool to create a set of respective encrypted session keys, wherein each respective encrypted session key in the set of respective encrypted session keys corresponds to one of the respective servers of the server pool; creating, by the granting computing device, the Service Ticket that includes the set of respective encrypted session keys; and transmitting, by the granting computing device, the created Service Ticket to the client computing device to allow the client computing device to access the requested network service at the plurality of servers, the access by the client computing device including provision, by the client computing device to one or more of the plurality of servers of the server pool, of the Service Ticket to access the requested network service.
Address: Santa Clara CA US