Keeping Passwords in Sync across Multiple Domains

IP.com Disclosure Number: IPCOM000114660D
Original Publication Date: 1995-Jan-01
Included in the Prior Art Database: 2005-Mar-29
Document File: 2 page(s) / 46K

Publishing Venue

IBM

Related People

Foltz, RC: AUTHOR [+2]

Abstract

Disclosed is a method to propagate password changes to multiple domains containing the user.

This text was extracted from an ASCII text file.
This is the abbreviated version, containing approximately 69% of the total text.

Keeping Passwords in Sync across Multiple Domains

      Disclosed is a method to propagate password changes to multiple
domains containing the user.

      LAN Server* keeps user information on a per-domain basis.  All
servers within a domain share a common set of data for each user.
When a user is a member of more than one domain, the user definition
in each domain is unique.  A problem arises when the user wishes to
keep a common password in all of the domains containing the user's
id.  The user must specifically change the password in each domain to
keep them in sync.

      This problem can be solved when multiple LAN Server domains are
integrated into a DCE** cell.  Making LAN Server domain controllers
members of the cell allows all the domains in a cell to keep a set of
attributes common.

      Passwords present two additional problems.  The password change
algorithm in LAN Server 3.0 sends a one-way transformed password to
the domain controller.  For an integrated LAN Server the original
password must be sent.  The domain controller will then change the
user's password in the DCE cell registry on behalf of the client.
The other domain controllers can then synchronize the new password to
their local net.acc.

      The second problem is to make the password change appear
instantaneous across all domains in the cell.  Any synchronization
mechanism will experience some delay getting the new password to all
the domains.  In order to hide th...
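
The following model is an added example, not code from the disclosure: it simulates a password change made through one domain controller, written to the cell registry and pulled by another controller, and shows the window in which the second domain still accepts the old password. The class and function names, the PBKDF2 record format, the version counter and the pull-style sync are all assumptions; it does not model the disclosure's own handling of the delay.

```python
import hashlib, hmac, os

def derive(password, salt):
    # Stand-in one-way transform (assumption; the page names no algorithm).
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 10_000)

class CellRegistry:
    """Hypothetical model of the DCE cell registry: one versioned record per user."""
    def __init__(self):
        self.records = {}  # user -> (version, salt, verifier)
    def set_password(self, user, password):
        version = self.records.get(user, (0, b"", b""))[0] + 1
        salt = os.urandom(16)
        self.records[user] = (version, salt, derive(password, salt))

class DomainController:
    """Hypothetical model of a domain controller with its local net.acc copy."""
    def __init__(self, name, registry):
        self.name, self.registry, self.net_acc = name, registry, {}
    def change_password(self, user, new_password):
        # The controller received the original password, so it can update the
        # registry on the client's behalf, then refresh its own local copy.
        self.registry.set_password(user, new_password)
        self.sync()
    def sync(self):
        # Pull every registry record that is newer than the local one.
        for user, rec in self.registry.records.items():
            if rec[0] > self.net_acc.get(user, (0,))[0]:
                self.net_acc[user] = rec
    def logon(self, user, password):
        rec = self.net_acc.get(user)
        return rec is not None and hmac.compare_digest(rec[2], derive(password, rec[1]))

def stale_domains(controllers, user):
    """Names of controllers whose net.acc lags the registry for this user."""
    current = controllers[0].registry.records[user][0]
    return [dc.name for dc in controllers if dc.net_acc.get(user, (0,))[0] < current]

def demo():
    # Constructed sample data: two domains in one cell, one shared user.
    reg = CellRegistry()
    a, b = DomainController("DOMAIN_A", reg), DomainController("DOMAIN_B", reg)
    a.change_password("alice", "old-pw"); b.sync()   # both domains in sync
    a.change_password("alice", "new-pw")             # DOMAIN_B has not synced yet
    before = (b.logon("alice", "old-pw"), b.logon("alice", "new-pw"), stale_domains([a, b], "alice"))
    b.sync()
    after = (b.logon("alice", "old-pw"), b.logon("alice", "new-pw"), stale_domains([a, b], "alice"))
    return before, after

if __name__ == "__main__":
    print(demo())
```

Until DOMAIN_B syncs, it rejects the new password and still accepts the old one, which is the delay the second problem refers to.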