Setuid-filter method for providing secure access to a credentials store for computer systems

摘要

A method that provides access to Privileged Accounts to users by way of a two-way-encrypted credential store. In accordance with this invention, a process that needs to retrieve credentials for a third party system causes the operating system to launch a second process. This second process runs under a secured user id without interactive access. The requesting process can then pass generalized command streams to the second process, including tokenized credential retrieval requests. These tokenized credential retrieval requests are processed to authenticate the requests, perform audit logging of requests and retrieval of credentials. Tokenized credential requests transformed by the second process into credentials, which can be embedded within a command stream and then either forwarded to a sub-process or returned to the requesting process.