| 摘要 |
The present invention provides a method, system, and computer program product for synchronizing security credentials of users and/or groups of users between directories, operating system platforms, and/or registries. A user's security credentials at a master registry are to be securely set (or reset). To ensure that the user has the required permission for this operation, the user is first authenticated with a trusted authenticating domain. The authenticating domain may be identified by the user, or the identification of the domain may be obtained from the master registry. The master registry may store an identification of the authenticating domain on a per-user basis, or for groups of users, or for the master registry as a whole. The credentials may be propagated to other registries, in addition to the master. This technique enables synchronizing multiple copies of a user's security credentials without requiring access to a plaintext version thereof, and without forcing the credentials to a new value as part of the synchronization process.
|
