1. Field of the Invention
The present invention relates generally to mechanisms for providing security within computer systems. More specifically, the present invention relates to a method and apparatus for managing bootstrap credentials for credentials-storage systems.
2. Related Art
Middle-tier applications running on top of application servers typically need to communicate with Enterprise Information System (EIS) tiers to access application-specific information related to end-users. To facilitate these communications, middle-tier applications typically store end-user credentials in back-end systems, such as RDBMS/LDAP servers.
However, this type of solution is incomplete because bootstrap credentials for credentials-storage systems still need to be managed. One common way to resolve this problem is to prompt the administrator of the credentials-storage system for the bootstrap credentials during system startup. However, in cases where the administrator is not present, for example in cron jobs or in restart scenarios, this is not a viable option. Another common way to resolve this problem is to store the bootstrap credentials in a local configuration file of the credentials-storage system. For example, a bootstrap credential can be stored in an XML file that contains the host:port and username/password of the backend system. However, this solution raises the question of how to secure these all-important bootstrap credentials when they are stored in such local files.
Hence, what is needed is a method and apparatus that facilitates securely storing bootstrap credentials for a credentials-storage system without the above-described problems.