Claims
- 1. A network system server that provides password synchronization between a main data store and a plurality of secondary data stores, said network system server comprising:
- a security server coupled to said main data store, said security server controlling communication with said main data store;
- a plurality of clients coupled to said security server, said plurality of clients only accessing said main data store through said security server, each of said plurality of clients maintaining a unique, modifiable password;
- a password synchronization server coupled to said security server and to said plurality of secondary data stores; and
- a password repository coupled to said password synchronization server, said password repository storing passwords of said plurality of clients, said passwords in said password repository being retrievable by said plurality of secondary data stores via said password synchronization server so that each client is able to maintain a single, unique password for all of said plurality of secondary data stores.
- 2. A network system server according to claim 1, and further comprising said main data store, said main data store including an information account for each of said plurality of clients, each information account including a password of a corresponding client.
- 3. A network system server according to claim 2, said security server providing a clear-text password to said password synchronization server for retrieval by said one of said plurality of secondary data stores.
- 4. A network system server according to claim 3, said security server including means for encrypting said clear-text password for storage in said information account.
- 5. A network system server according to claim 1, and further comprising said main data store, said main data store including an information account for said password synchronization server that binds each of said plurality of secondary data stores with each of said plurality of clients.
- 6. A network system server according to claim 1, and further comprising said main data store, said main data store including an information account for each of said plurality of secondary data stores.
- 7. A network system server according to claim 1, further comprising:
- a temporary memory data store coupled to said password synchronization server and containing information supporting a propagation retry, said temporary memory data store allowing said password synchronization server to perform a propagation retry in the event of an outage of a temporary foreign registry or said password synchronization server.
- 8. A network system server according to claim 1, at least one of said plurality of secondary data stores accessing passwords in said password repository regardless of the current password status of said plurality of secondary data stores.
- 9. A computer program product that provides password synchronization between a main data store and a plurality of secondary data stores, said computer program product comprising:
- computer usable code means for maintaining a unique, modifiable password for each of a plurality of clients coupled to said main data store;
- computer usable code means for retrieving a password for one of said plurality of secondary data stores so that each client among said plurality of clients is able to maintain a single, unique password for said main data store and all of said plurality of secondary data stores, such that password synchronization is maintained.
- 10. A computer program product according to claim 9, and further comprising:
- computer usable code means for providing a clear-text password based on said user's unique password; and
- computer usable code means for retrieving said clear-text password by said one of said plurality of secondary data stores.
- 11. A computer program product according to claim 10, and further comprising:
- computer usable code means for encrypting said clear-text password; and
- computer usable code means for storing said encrypted clear-text password in an information account.
- 12. A computer program product according to claim 9, and further comprising:
- computer usable code means for binding each of said plurality of secondary data stores with each of said plurality of clients.
- 13. A computer program product according to claim 9, and further comprising:
- computer usable code means for performing a propagation retry in the event of an outage of a temporary foreign registry or password synchronization server.
- 14. A computer program product according to claim 9, said password retrieval being instigated by at least one of said plurality of secondary data stores regardless of the current password status of said plurality of secondary data stores.
- 15. A computer program product according to claim 9, and further comprising:
- computer usable code means for checking that each client maintains a password having a composition consistent with a set of rules selected for said main data store.
- 16. A computer program product according to claim 9, said computer usable code means for retrieving comprising:
- computer usable code means, responsive to receipt of a request for a password of a particular client among said plurality of clients, said request being transmitted by a requestor associated with one of said plurality of secondary data stores, for determining if said requestor is permitted access to said password of said particular client; and
- computer usable code means, responsive to a determination that said requestor is permitted access to said password, for transmitting said password to said requestor for storage in said one of said plurality of secondary data stores.
- 17. A computer program product according to claim 16, wherein:
- said computer usable code means for transmitting comprises the computer usable code means for transmitting said password to said requestor in encrypted form; and
- said computer program product further comprises computer usable code means for transmitting, to said requestor, an indication of a type of encryption utilized to encrypt said password.
- 18. A method of providing password synchronization between a main data store and a plurality of secondary data stores, said method comprising:
- maintaining a unique, modifiable password for each of a plurality of clients coupled to said main data store; and
- retrieving a password for one of said plurality of secondary data stores so that each client among said plurality of clients is able to maintain a single, unique password for said main data store and all of said plurality of secondary data stores, such that password synchronization is maintained.
- 19. A method according to claim 18, and further comprising the step of:
- providing a clear-text password for retrieval by said one of said plurality of secondary data stores.
- 20. A method according to claim 19, and further comprising the step of:
- encrypting said clear-text password; and
- storing said encrypted clear-text password in an information account.
- 21. A method according to claim 18, and further comprising the step of:
- binding each of said plurality of secondary data stores with each of said plurality of clients.
- 22. A method according to claim 17, and further comprising the step of:
- performing a propagation retry in response to an outage of a temporary foreign registry or password synchronization server.
- 23. A method according to claim 18, said password retrieval being instigated by at least one of said plurality of secondary data stores regardless of the current password status of said plurality of secondary data stores.
- 24. A method according to claim 18, and further comprising:
- checking that each client maintains a password having a composition consistent with a set of rules selected for said main data store.
- 25. A method according to claim 18, said retrieving step comprising the steps of:
- in response to receipt of a request for a password of a particular client among said plurality of clients, said request being transmitted by a requestor associated with one of said plurality of secondary data stores, determining if said requestor is permitted access to said password of said particular client; and
- in response to a determination that said requestor is permitted access to said password, transmitting said password to said requestor for storage in said one of said plurality of secondary data stores.
- 26. A method according to claim 25, wherein:
- said transmitting step comprises the step of transmitting said password to said requestor in encrypted form; and
- said method further comprises the step of transmitting, to said requestor, an indication of a type of encryption utilized to encrypt said password.
CROSS-REFERENCE TO RELATED APPLICATIONS
The present application is related to U.S. patent application Ser. No. 08/557,755 Attorney Docket No. AT9-95-065, entitled "Propagating Plain-Text Passwords from a Main Registry to a Plurality of Foreign Registries," and U.S. patent application Ser. No. 08/556,724 Attorney Docket No. AT9-95-067, entitled "Configurable Password Integrity Servers for Use in a Shared Resource Environment," all filed of even date herewith by the inventors hereof and assigned to the assignee herein, and incorporated by reference herein.