Abstract

A method of storing secret data in a shared computing environment includes defining secret data, such as a password, and administration policies according to a schema of a directory server such as an LDAP server. The secret data and administration policies are centrally stored on the LDAP server. The secret data can be encrypted. Administration policies include authorization and authentication policies, and a security zone can be defined for a collection of entities with a common security characteristic, such as a common password. A security zone defines a group of users and the secret data that can be accessed by the group of users. Multiple security zones can be defined. The secret data can be accessed directly from the server of the directory service, without accessing another server or data store, provided the administration policies are satisfied.