Browse Prior Art Database

User Profile Enrollment and Swapping for Servers

IP.com Disclosure Number: IPCOM000106945D
Original Publication Date: 1992-Jan-01
Included in the Prior Art Database: 2005-Mar-21
Document File: 1 page(s) / 36K

Publishing Venue

IBM

Related People

Beck, JR: AUTHOR [+6]

Abstract

Disclosed is a secure method for changing the user profile that a process is executing on behalf of. By specifying a valid password/user profile pair, a token is returned that can be used to switch the user profile the process is executing under (from the current user profile, to the user profile identified by the token).

This text was extracted from an ASCII text file.
This is the abbreviated version, containing approximately 87% of the total text.

User Profile Enrollment and Swapping for Servers

       Disclosed is a secure method for changing the user
profile that a process is executing on behalf of.  By specifying a
valid password/user profile pair, a token is returned that can be
used to switch the user profile the process is executing under (from
the current user profile, to the user profile identified by the
token).

      Three system Application Program Interfaces (APIs) are defined.
The first API enrolls users and returns a token, the second API
changes the user profile the process is running under to the user
profile identified by a valid token, and the third API will release a
valid token so that it may no longer be used by the job.
     1.  The input to the first API is a user profile and a password.
The API will authenticate the user profile (i.e., the user profile
exists on the system and the password is correct for that user
profile).  If they are correct, the API will enroll the profile and
return a token that will be used by the application program to
identify that user profile.  The token is only valid in the job that
the token was generated.  Repeated attempts to 'guess' the password
for any given profile will cause that user profile to become
disabled.
     2.  The input to the second API is a token.  If the token is
valid, the user profile that the job is running under is changed to
the profile identified by that token. Any use of an invalid token
(one not created by the fi...