摘要 |
A method of auditing login activity in a distributed computing environment in which users attempt to log into the environment from workstations using an authentication protocol in which a ticket request and pre-authentication data are communicated from the workstation to an authentication server. The pre-authentication data includes information establishing an identity of the user and providing a proof that the user has entered a password during the login attempt. The method is effected as a background process during the login, and is initiated after the ticket has been returned to the workstation from the authentication server to avoid RPC deadlock. To audit the login, information from the pre-authentication data is used to obtain a simple name of the user. The simple name is then converted into a global format and evaluated. If the name is recognized, it is passed along with the workstation address to an audit API. If the name is invalid, the audit is suspended. After the information is recorded or the audit suspended, as the case may be, process control is returned to the login routine. Preferably, the routine is implemented within the security service of the distributed computing environment.
|