The background description provided herein is for the purpose of generally presenting the context of the disclosure. Work of the presently named inventors, to the extent the work is described in this background section, as well as aspects of the description that may not otherwise qualify as prior art at the time of filing, are neither expressly nor impliedly admitted as prior art against the present disclosure.
Authentication systems typically associate a single secret (i.e., credential or identifying information such as a password, a certificate, or biometric data) with an entity. For example, an entity may be granted or denied access to one or more resources based on a single password. When the password expires or is deliberately changed, the password is reset. That is, an existing (old) password is changed and replaced with a new password. When the password is reset, the old password is immediately invalidated and cannot be used.
In certain environments, such as services running on servers, a service executes on a server as an entity. Unique identifying information is tied to the service. A central authentication system uses the identifying information for authenticating access by the service to one or more resources. When a password for a service account (an account associated with a service) is reset in the central authentication system, the new password needs to be updated on every server that uses the service account. Failure to update the password on a machine prevents the service from executing on that machine, since the old password used by the service on that machine is no longer valid.
For example, a series of front-end systems may ingest data and transmit the data to various backend systems. It is common, though not advised, for the front-end systems to all use the same entity for authentication to a backend system. If the password of the entity used by the front-end systems to authenticate with the backend system is changed, then all the front-end systems need to be updated to use the new password. However, at times the administrators might not readily know where an entity is being used within their services (e.g., the usage may not be documented and/or may have been forgotten). Accordingly, when failures occur on these devices after the password is reset in the central authentication system, the failures may be the only way to discover these devices, after which the new password can be updated on them. This can lead to service-impacting disruptions.