1. Field of the Invention
The present invention relates to network access and, more particularly, to a method and apparatus for providing a password interface to multiple password domains.
2. Description of the Related Art
Data communication networks may include various computers, servers, nodes, routers, switches, hubs, proxies, and other devices coupled to and configured to pass data to one another. These devices will be referred to herein as “network devices.” Data is communicated through the data communication network by passing data packets (or data cells or segments) between the network devices by utilizing one or more communication links. A particular packet may be handled by multiple network devices and cross multiple communication links as it travels between its source and its destination over the network.
The various network devices on the communications network communicate with each other using predefined sets of rules, referred to herein as protocols. Different protocols are used to govern different aspects of the communication, such as how signals should be formed for transmission between network devices, various aspects of what the data packets should look like, and how packets should be handled by the network devices.
In a large network, portions of the network may be configured to interconnect subsets of the total number of computers or network devices operating on the network. It is also not uncommon for each portion, or domain, to use different communication protocols and interconnect computers running different operating systems.
Conventionally, each domain attempts to maintain security by requesting users attempting to access resources on the domain to authenticate their identity utilizing a password. Passwords for valid users are stored in a password database managed by a local password database management system. Likewise, applications running within the domain may have their own password access portals to restrict access to the particular application.
On a large corporate network, including dozens or hundreds of domains and hundreds of applications, maintenance of the large number of password databases may get prohibitively expensive. Specifically, any time user privileges associated with a particular user are modified, those modifications must be propagated to all password databases associated with systems (applications or domains) to which the user has been granted privileges. Additionally, employing multiple password databases requires the user to remember multiple passwords, possibly dictated by rules imposed by the network administrator for the particular domain or application. This large number of password infrastructures inevitably leads to a reduction in security, since a user is unlikely to be able to remember a large number of passwords, and thus is likely to keep a written list of passwords for the various systems available at their desk. The large number of password infrastructures also requires a large service department, since each password database will need to be maintained by an administrator, and the help desk will need to interface with users who have lost or forgotten their passwords for the various systems. Accordingly, it would be advantageous to have a mechanism for allowing a network user to utilize a single password for access to the disparate network resources.