Title Establishing secure, mutually authenticated communication credentials
Abstract Establishing secure, mutually authenticated communication between a trusted network and a perimeter network. Servers on the perimeter network may be securely and automatically configured to communicate with the trusted network. Servers not functioning properly may be stopped from communicating with the other servers. Credential information relating to a perimeter server may be automatically, and regularly, updated without intervention.
Publication number US9160740 (B2) Publication date 2015.10.13
Application number US201314017481 Filing date 2013.09.04
Applicant Microsoft Technology Licensing, LLC Inventors Zhang Hao; Kay Jeffrey B.; Pearson Malcolm E.; Tribble Eric D.
Classification H04L29/00; H04L29/06; H04L9/32 Main classification H04L29/00
Agency  Agents Bowman Louise; Andrews David; Minhas Micky
Main claim 1. A method for automatically updating credential information between a trusted server residing on a trusted network and an edge server residing on a perimeter network outside the trusted network, at least one server in the trusted network administering a distributed directory service, said method comprising:
    reading, by the trusted server, current credential information associated with the edge server residing on the perimeter network outside the trusted network, wherein the credential information includes a public key created by the edge server and a password created by the edge server, said public key and said password being associated with the edge server;
    determining, by the trusted server, an expiration status of the current credential information associated with the edge server;
    storing replacement credential information in an edge configuration object in the distributed directory service when a replacement criteria is met, said replacement credential information including a replacement password created by and associated with the edge server, said replacement password being encrypted;
    propagating, by any trusted server in the trusted network, the replacement credential information stored in the edge configuration object from the distributed directory service to the edge server in the perimeter network, wherein said trusted server secures the authenticity of the replacement credential information by digitally signing the credential information with a private key created by and associated with said trusted server;
    verifying, at the edge server, that the replacement credential information received from the propagating trusted server has been digitally signed by said propagating trusted server, whereby the replacement credential information is rejected when said verifying fails; and
    utilizing, by the trusted server, the replacement credential information when an attempt to utilize the current credential information fails.
Address Redmond WA US
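The exchange in claim 1 above, as an added worked example in Go. This is not Microsoft's code and not the implementation behind the patent; it fills in what the claim leaves open with assumptions that are also marked in the comments: the trusted server signs with an Ed25519 key and the edge holds that server's verification key from out-of-band bootstrapping; the propagated replacement password is sealed to the edge's RSA public key with RSA-OAEP so only the edge can read it; the replacement criterion is a fixed 24-hour renewal window; the directory's own encryption of the stored passwords is not modeled; the edge name and the passwords are constructed sample values. The edge accepts a password only after the update carrying it verifies, so a tampered or differently signed update leaves the edge unchanged, and the trusted server falls back to the replacement only after the current credential is refused.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/subtle"
	"encoding/json"
	"errors"
	"fmt"
	"time"
)

const RenewalWindow = 24 * time.Hour // replacement criterion assumed here; the claim leaves it open
// EdgeConfigObject models the directory's edge configuration object (its at-rest encryption of passwords is not modeled).
type EdgeConfigObject struct {
	EdgeID               string
	EdgePubKey           *rsa.PublicKey // public key created by the edge server
	Current, Replacement []byte         // passwords created by the edge; Replacement is nil until stored
	Expires              time.Time      // expiry of Current
}

// SignedUpdate is the replacement credential information as propagated to the edge.
type SignedUpdate struct {
	EdgeID    string
	Sealed    []byte // replacement password, RSA-OAEP to the edge's public key
	Signature []byte // Ed25519 by the propagating trusted server over EdgeID and Sealed
}
func (u SignedUpdate) signedBytes() []byte {
	u.Signature = nil // value receiver, so only this copy is cleared
	b, _ := json.Marshal(u)
	return b
}
// Trusted is a server on the trusted network; Edge is a server on the perimeter network.
type Trusted struct{ signer ed25519.PrivateKey } // created by and associated with this trusted server
type Edge struct {
	ID                   string
	key                  *rsa.PrivateKey   // created by the edge; its public half is published in the directory
	trustedPub           ed25519.PublicKey // trusted server's verification key, bootstrapped out of band (assumption)
	current, replacement []byte            // passwords the edge accepts; replacement is nil until a verified update
}

// CheckPassword compares in constant time against both passwords the edge accepts.
func (e *Edge) CheckPassword(pw []byte) bool {
	return subtle.ConstantTimeCompare(e.current, pw) == 1 || subtle.ConstantTimeCompare(e.replacement, pw) == 1
}
// NeedsReplacement is steps 1-2: read the current credential and determine its expiration status.
func (t *Trusted) NeedsReplacement(obj *EdgeConfigObject, now time.Time) bool {
	return !obj.Expires.After(now.Add(RenewalWindow))
}
// StoreReplacement is step 3: record the edge-created replacement in the edge configuration object.
func (t *Trusted) StoreReplacement(obj *EdgeConfigObject, pw []byte) { obj.Replacement = pw }
// Propagate is step 4: any trusted server seals the stored replacement to the edge's public key and signs it with its own private key.
func (t *Trusted) Propagate(obj *EdgeConfigObject) (SignedUpdate, error) {
	if obj.Replacement == nil {
		return SignedUpdate{}, errors.New("no replacement credential stored")
	}
	sealed, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, obj.EdgePubKey, obj.Replacement, []byte(obj.EdgeID))
	if err != nil {
		return SignedUpdate{}, err
	}
	u := SignedUpdate{EdgeID: obj.EdgeID, Sealed: sealed}
	u.Signature = ed25519.Sign(t.signer, u.signedBytes())
	return u, nil
}

// Accept is step 5: verify the propagating server's signature, reject the update when that fails, and only then unseal the password.
func (e *Edge) Accept(u SignedUpdate) error {
	if u.EdgeID != e.ID || !ed25519.Verify(e.trustedPub, u.signedBytes(), u.Signature) {
		return errors.New("replacement credential rejected: signature does not verify")
	}
	pw, err := rsa.DecryptOAEP(sha256.New(), nil, e.key, u.Sealed, []byte(e.ID))
	if err != nil {
		return err
	}
	e.replacement = pw
	return nil
}

// Authenticate is step 6: use the current credential, and the replacement only when that attempt fails; reports which one worked.
func (t *Trusted) Authenticate(obj *EdgeConfigObject, e *Edge) (string, error) {
	if e.CheckPassword(obj.Current) {
		return "current", nil
	}
	if obj.Replacement != nil && e.CheckPassword(obj.Replacement) {
		return "replacement", nil
	}
	return "", errors.New("authentication failed with current and replacement credentials")
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	key, _ := rsa.GenerateKey(rand.Reader, 2048)
	edge := &Edge{ID: "edge01", key: key, trustedPub: pub, current: []byte("bootstrap-pw")}
	obj := &EdgeConfigObject{EdgeID: "edge01", EdgePubKey: &key.PublicKey, Current: edge.current}
	ts := &Trusted{signer: priv}
	ts.StoreReplacement(obj, []byte("replacement-pw")) // zero Expires: NeedsReplacement would report true
	u, _ := ts.Propagate(obj)
	fmt.Println("edge accepted signed update:", edge.Accept(u) == nil)
}
```

To exercise the failure modes, flip a byte of Sealed or re-sign the update with another key before calling Accept: both are rejected at the signature check, before any RSA decryption runs, because the signature covers EdgeID and Sealed together. Once the edge retires its old password, Authenticate returns "replacement", which is the fallback of step 6; promoting Replacement to Current in the directory object after that point is the natural next step the claim does not spell out.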