
WO2016082366A1 - Template based logged in user management method, user login method and device - Google Patents


Info

Publication number
WO2016082366A1
Authority
WO
WIPO (PCT)
Prior art keywords
aaa
user
template
login
mode
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Ceased
Application number
PCT/CN2015/073660
Other languages
French (fr)
Chinese (zh)
Inventor
陈文博
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
ZTE Corp
Original Assignee
ZTE Corp
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/40: Network security protocols

Definitions

  • the present invention relates to the field of communications technologies, and in particular, to a template-based method for managing login users, and a user login method and device.
  • the login type is generally TELNET (a program for remote login on the Internet), SSH (Secure Shell, a secure shell protocol), WEB, etc.; after the user has been authenticated, the device can be configured.
  • the management for login users is mainly AAA, namely Authentication, Authorization, and Accounting.
  • the authentication method verifies whether a user accessing the device is legitimate, to determine whether to allow the user access; the authorization method determines which services an admitted user may use and which permissions the user has; the accounting method records the user's operations on the device. Usually the three are used together.
  • a common implementation of AAA is to deploy the AAA method based on the login type or user type. Once AAA is configured, it takes effect globally for the login type (such as serial port login, TELNET login, SSH login, WEB login, etc.) or the user type (login user, ppp user, etc.), which objectively means that the AAA method a user finally gets is constrained by the login type or user type to which the AAA method is bound. Take the login type as an example: if the AAA method is bound to line vty 1, the users logging in from vty 1 all correspond to the same AAA method.
  • an embodiment of the present invention provides a template-based method and device for managing login users, in which different AAA policies are set for different AAA templates and the AAA template is bound to a specific user, in order to achieve different AAA policies for users.
  • a method for managing a login user based on a template, comprising: configuring one or more AAA policies; creating an AAA template, and binding the AAA policy to the AAA template; creating a user mode of the logged-in user; and binding the AAA template to the user mode.
  • the AAA template includes one or more of an AAA authentication template, an AAA authorization template, and an AAA accounting template.
  • the AAA policy includes at least: an AAA server type in the AAA server group and an AAA server switching policy in the AAA server group.
  • the method further includes: binding the corresponding login type in the user mode.
  • the user mode includes: a default user mode and a user configuration mode.
  • the login type is: a console login type, a Telnet login type, an SSH login type, an FTP login type, or a WEB login type.
  • a method for user login includes: acquiring login information and a login type input by a login user; matching, according to the login information input by the user, whether a corresponding user configuration mode is configured locally on the device; if it matches, the configured login type is obtained from the matched user configuration mode; otherwise, the configured login type is obtained from the default user mode; the login type of the login user is matched with the configured login type, and if they match, the AAA template corresponding to the matched user configuration mode or the default user mode is obtained according to the preset correspondence between the user mode and the AAA template.
  • AAA authentication, or AAA authentication and AAA authorization, is initiated according to the matched AAA template.
  • the login failure is prompted.
  • the method further includes: configuring one or more AAA policies; creating an AAA template, binding the AAA policy to the AAA template; creating a user mode of the logged-in user; and binding the AAA template to the user mode.
  • an apparatus for managing a login user based on a template, comprising: a configuration module, configured to configure one or more AAA policies; a first binding module, configured to create an AAA template and bind the AAA policy to the AAA template; a creating module, configured to create a user mode; and a second binding module, configured to bind the AAA template to the user mode.
  • the device further includes: a third binding module, configured to bind the corresponding login type in the user mode.
  • a device for user login, comprising: a first obtaining module, configured to acquire login information and a login type input by a login user; and a first matching module, configured to match, according to the login information input by the user, whether the corresponding user configuration mode is configured locally; if it matches, the configured login type is obtained from the matched user configuration mode; otherwise, the configured login type is obtained from the default user mode;
  • a second matching module, configured to match the login type of the login user with the configured login type, and if they match, obtain the AAA template corresponding to the matched user configuration mode or the default user mode according to a preset correspondence between the user mode and the AAA template;
  • a processing module, configured to initiate AAA authentication, or AAA authentication and AAA authorization, according to the matched AAA template.
  • the device further includes: a prompting module, configured to prompt that the login fails if the login type of the login user does not match the login type corresponding to the user configuration mode.
  • the device further includes: a configuration module, configured to configure one or more AAA policies;
  • a first binding module, configured to create an AAA template and bind the AAA policy to the AAA template; a creating module, configured to create a user mode;
  • a second binding module, configured to bind the AAA template to the user mode.
  • the method of the present invention addresses the scenario in which users of the same or different login types use the same or different AAA policies; the AAA policy can be used flexibly, making login user management more flexible and convenient.
  • FIG. 1 is a flowchart of a method for managing a login user based on a template in an embodiment of the present invention
  • FIG. 2 is a second flowchart of a method for managing a login user based on a template according to an embodiment of the present invention
  • FIG. 3 is a configuration binding relationship between an AAA template and a local user or a default user mode according to an embodiment of the present invention
  • FIG. 5 is a flowchart of a RADIUS server authentication and authorization in an embodiment of the present invention.
  • FIG. 7 is a flowchart of a user login in an embodiment of the present invention.
  • FIG. 8 is a second flowchart of user login in an embodiment of the present invention.
  • FIG. 9 is a flowchart of interaction between a terminal device, a router, and an AAA server according to an embodiment of the present invention.
  • FIG. 10 is a schematic structural diagram of an apparatus for managing a login user based on a template according to the present invention.
  • FIG. 11 is a schematic structural diagram of an apparatus for logging in by a user in an embodiment of the present invention.
  • FIG. 1 is a flowchart of a method for managing a login user based on a template according to an embodiment of the present invention, and the specific steps are as follows:
  • Step S101 Configure one or more AAA policies.
  • the AAA policy includes at least: an AAA server type in the AAA server group and an AAA server switching policy in the AAA server group.
  • TACACS: Terminal Access Controller Access Control System
  • RADIUS: Remote User Dial-Up Authentication System
  • Diameter: RADIUS Upgrade Protocol
  • under the AAA authentication policy, the AAA server type can specify none, TACACS, RADIUS, Diameter, local, or a combination of these types to determine the policy of server switching. Configure the corresponding server switching policy for the TACACS, RADIUS, and Diameter server groups. When an AAA server fails, perform intra-group switching.
  • under the AAA authorization policy, the AAA server type can specify none, TACACS, RADIUS, local, or a combination of these types to determine the policy of server switching. Configure the corresponding server switching policy for the TACACS and RADIUS server groups. If an AAA server fails, perform intra-group switching.
  • under the AAA accounting policy, the AAA server type can specify none, TACACS, RADIUS, local, or a combination of these types to determine the policy for server switching. Configure the corresponding server switching policy for the TACACS and RADIUS server groups, and perform intra-group switching when a server fails.
  • Step S103 Create an AAA template, and bind the AAA policy to the AAA template.
  • the AAA template includes: an AAA authentication template, an AAA authorization template, and an AAA accounting template, wherein each AAA template can be bound with the same or different AAA policies; that is, the server type, server switching policy, server group policy, etc. can be configured in the AAA template, and this AAA template is then bound to the specified login user. When the user logs in, the AAA template bound to the user is searched to determine a specific AAA policy.
  • Step S105 Create a user mode of the login user.
  • the user mode includes: a default user mode and a user configuration mode.
  • the user information is configured on the server side, the login user is not created on the local device, and the AAA template is specified as the server authentication.
  • the embodiment of the present invention provides a default user mode, and the AAA template is bound to the default user mode.
  • the AAA template bound in the default user mode corresponds to the AAA policy.
  • Step S107 Bind the AAA template to the user mode.
  • the test user is bound to the user configuration. You can use the test user to log in to the AAA template.
  • an AAA template may be bound to a user mode according to a specific situation, for example:
  • the user should be explicitly prompted that the authentication configuration information is missing or incorrect.
  • Case 2 In a scenario where the device has a default authorization policy, the user configuration need not be bound to an AAA authorization template; after the user passes authentication, the default authorization policy is used to grant the user permissions. When the AAA authorization server or the network is abnormal and the authorization result cannot be obtained from the server side, the default authorization is also used. If there is no default authorization policy and the user is not bound to an AAA authorization template, or the AAA authorization template is incorrectly configured, then in an environment with terminal output the user should be explicitly prompted that the authorization configuration information is missing or incorrect, and the user is not allowed to log in.
  • Case 3 Since the AAA accounting policy is not a mandatory function for the logged-in user, if the AAA accounting function is disabled while the user is bound to an AAA accounting template, or the accounting function is enabled and the user is bound to an accounting template but the template is empty, no accounting is performed.
  • the second flowchart of the method for managing a login user based on a template in the embodiment of the present invention differs from the method shown in FIG. 1 in that the method also includes:
  • Step S109 Bind the corresponding login type in the user configuration mode.
  • embodiments of the present invention can customize a very flexible combination of authentication, authorization, and accounting for specific users and specific login types to meet the actual user login scenario and user customized management.
  • the binding relationship between the AAA template and the user information described in the embodiment of the present invention is as follows:
  • Step S301 Configure a server group policy, and specify a server group switching policy.
  • the server group policy includes: a TACACS group T1 policy, a RADIUS group T2 policy, and a Diameter group T3 policy.
  • Step S303 Create an AAA authentication template X1, bind the server group policy to the AAA authentication template X1, create an AAA authorization template X2, bind the server group policy to the AAA authorization template X2, and create an AAA accounting template X3. Bind the server group policy to the AAA accounting template X3.
  • Step S305 Create a user Y, and bind the AAA authentication template X1 and the authorization template X2 to Y or bind the AAA authentication template X1, the AAA authorization template X2, and the AAA accounting template X3 to Y.
  • Step S307 Binding the login type, wherein the login type includes: console, TELNET, SSH, FTP, and WEB.
  • the association between the AAA server configuration information, the AAA authentication template, the AAA authorization template, and the user configuration information is established.
  • FIG. 4 is a flowchart of the TACACS server authentication and authorization in the embodiment of the present invention.
  • the scenario in which the user is deployed on the TACACS server side to perform TACACS server authentication and authorization is as follows:
  • Step S401 Configure two TACACS servers and apply them to the group policy named T1 in TACACS.
  • step S401 is as follows:
  • Step S403 Create an AAA authentication template 2001, configure the authentication type as TACACS, and bind the TACACS group policy to the AAA authentication template 2001.
  • step S403 is as follows:
  • Step S405 Create an AAA authorization template 2001, configure the authorization type as TACACS, and bind the TACACS group policy to the AAA authorization template 2001.
  • step S405 is as follows:
  • Step S407 Create user user1, configure its password as test (in the example, the ciphertext corresponding to test), and bind the AAA authentication template and AAA authorization template created in steps S403 and S405 to user1.
  • step S407 is as follows:
  • Step S409 If the user is created on the server side and there is no local user configuration, and the server is used for authentication, authorization, and accounting, the AAA authentication template and the AAA authorization template created in steps S403 and S405 are bound in the default user mode.
  • step S409 is as follows:
  • Step S411 Log in to the device by using the deployed user through the access terminal.
  • FIG. 5 is a flowchart of the RADIUS server authentication and authorization in the embodiment of the present invention.
  • the scenario in which the user is deployed on the RADIUS server side to perform RADIUS server authentication and authorization is as follows:
  • Step S501 Configure two RADIUS servers and apply them to the RADIUS group policy named R1.
  • step S501 is as follows:
  • Step S503 Create an AAA authentication template 2002, configure the authentication type to be RADIUS, and bind the RADIUS group policy to the AAA authentication template 2002.
  • step S503 is as follows:
  • Step S505 Create an AAA authorization template 2002, configure the authorization type to be RADIUS, and bind the RADIUS group policy to the AAA authorization template 2002.
  • step S505 is as follows:
  • Step S507 Create user user1, configure its password as test, and bind the AAA authentication template and AAA authorization template created in steps S503 and S505 to user1.
  • step S507 is as follows:
  • Step S509 If the user is created on the server side and there is no local user configuration, and the server is used for authentication, authorization, and accounting, the AAA authentication template and the AAA authorization template created in steps S503 and S505 are bound in the default user mode.
  • step S509 is as follows:
  • Step S511 Log in to the device by using the deployed user through the access terminal.
  • the Diameter server is mainly used for user authentication, and is similar to the binding policy of the TACACS authentication template.
  • in the flowchart of the TACACS server accounting in the embodiment of the present invention, accounting is not required for the logged-in user, so the AAA accounting function is slightly different from the AAA authentication and authorization functions: its enable switch is turned off by default.
  • the specific configuration is as follows:
  • Step S601 Create an AAA accounting template 2003, configure the accounting type as TACACS, and bind the TACACS group policy to the AAA accounting template 2003.
  • the code of step S601 is as follows:
  • step S603 the accounting function is enabled in the user1 configuration mode, and the AAA accounting template 2003 created in step S601 is bound to user1:
  • step S603 is as follows:
  • Step S605 If the user is created on the server side and there is no local user configuration, the accounting function is enabled in the default user mode, as follows:
  • step S605 is as follows:
  • AAA accounting template 2003 policy: if the accounting function is off (accounting-switch off) while the user is bound to an AAA accounting template, or the accounting function is enabled and the user is bound to an accounting template but the template is empty, no accounting is performed.
  • depending on the actual access scenario of the network device, the common login types are mainly console, TELNET, SSH, FTP, WEB, etc.
  • the corresponding command in this example is login-type; restricting a user to Telnet and SSH login is taken as an example:
  • FIG. 7 is one of the flowcharts of user login in the embodiment of the present invention, and the specific steps are as follows:
  • Step S701 Acquire login information and login type input by the login user.
  • Step S703 Match, according to the login information input by the user, whether the corresponding user configuration mode is configured locally; if it matches, the configured login type is obtained from the matched user configuration mode; otherwise, the configured login type is obtained from the default user mode;
  • Step S705 Match the login type of the login user with the configured login type, and if they match, obtain the AAA template corresponding to the matched user configuration mode or the default user mode according to a preset correspondence between the user mode and the AAA template.
  • Step S707 Initiate AAA authentication or AAA authentication and AAA authorization according to the matched AAA template.
  • the login failure is prompted.
  • the preset correspondence between the user mode and the AAA template may be established by first configuring one or more AAA policies; then creating an AAA template and binding the AAA policy to the AAA template; then creating a user mode of the login user; and finally binding the AAA template to the user mode.
  • the user login process is as follows:
  • Step S801 Acquire a username and password of the login user.
  • Step S803 Match, according to the user name and password input by the user, whether the corresponding user mode is configured in the device's local user list. If it matches, the process goes to step S807; otherwise, the process goes to step S805.
  • Step S805 Obtain a login type from the default user mode.
  • Step S807 obtaining a login type of the local configuration user mode
  • Step S809 If the login type of the login user matches the configured login type, proceed to step S811; otherwise, a corresponding error prompt is given.
  • Step S811 Obtain a corresponding AAA method (authentication, authorization, accounting) from the matching user or the default user mode.
  • Step S813 Initiating an authentication, authorization request specifying the AAA method and waiting for a response from the device or the server. If the authentication and authorization are successful, the user logs in successfully.
  • the actual interaction process between the terminal device side, the device (telecom-scale switch or router) side and the AAA server side, when the authentication and authorization templates numbered 2001 are used, is as shown in FIG. 9.
  • the router prompts the terminal device to input the user name and password.
  • the router inputs "user1" (user name) and "test" (password)
  • the router performs AAA policy matching according to the user name and password.
  • a request for authentication and authorization processing is sent to the AAA server.
  • the router allows the terminal device to log in.
  • FIG. 10 is a schematic structural diagram of an apparatus for managing a login user based on a template according to the present invention.
  • the apparatus includes: a configuration module 1001, a first binding module 1003, a creating module 1005, and a second binding module 1007, wherein
  • the configuration module 1001 is configured to configure one or more AAA policies; currently, the common servers are TACACS (Terminal Access Controller Access Control System), RADIUS (Remote User Dial-Up Authentication System), and Diameter (RADIUS Upgrade Protocol). These three are taken as examples to describe the configuration policy of the AAA template. Under the AAA authentication policy, the AAA server type can specify none, TACACS, RADIUS, Diameter, local, or a combination of these types to determine the policy of server switching. Configure the corresponding server switching policy for the TACACS, RADIUS, and Diameter server groups. When an AAA server fails, perform intra-group switching.
  • TACACS: Terminal Access Controller Access Control System
  • RADIUS: Remote User Dial-Up Authentication System
  • Diameter: RADIUS Upgrade Protocol
  • under the AAA authorization policy, the AAA server type can specify none, TACACS, RADIUS, local, or a combination of these types to determine the policy of server switching. Configure the corresponding server switching policy for the TACACS and RADIUS server groups. If an AAA server fails, perform intra-group switching. Under the AAA accounting policy, the AAA server type can specify none, TACACS, RADIUS, local, or a combination of these types to determine the policy for server switching. Configure the corresponding server switching policy for the TACACS and RADIUS server groups, and perform intra-group switching when a server fails.
  • the first binding module 1003 is configured to create an AAA template, and bind the AAA policy to the AAA template.
  • the AAA template includes: an AAA authentication template, an AAA authorization template, and an AAA accounting template, wherein each AAA template can be bound with the same or different AAA policies; that is, the server type, server switching policy, server group policy, etc. can be configured in the AAA template, and this AAA template is bound to the specified login user.
  • when the user logs in, the AAA template bound to the user is searched to determine a specific AAA policy.
  • the creating module 1005 is configured to create a user mode; that is, configuring user information (user name and password) of the logged-in user, and generating a user mode corresponding to the logged-in user based on the user information.
  • the user mode includes: a default user mode and a user configuration mode.
  • the user information is configured on the server side, the login user is not created on the local device, and the AAA template is specified as the server authentication.
  • the embodiment of the present invention provides a default user mode, and the AAA template is bound to the default user mode.
  • the AAA default method corresponding to the binding in the default user mode is adopted.
  • the second binding module 1007 is configured to bind the AAA template to the user mode.
  • embodiments of the present invention can customize a very flexible combination of authentication, authorization, and accounting for specific users and specific login types to meet the actual user login scenario and user customized management.
  • the apparatus further includes: a third binding module, configured to bind the corresponding login type in the user mode.
  • FIG. 11 is a schematic structural diagram of an apparatus for logging in by a user in an embodiment of the present invention, where the apparatus includes:
  • the first obtaining module 1101 is configured to obtain login information input by the login user.
  • the first matching module 1103 is configured to match, according to the login information input by the user, whether the corresponding user configuration mode is configured locally; if it matches, the configured login type is obtained from the matched user configuration mode; otherwise, the configured login type is obtained from the default user mode;
  • the second matching module 1105 is configured to match the login type of the login user with the configured login type, and if they match, obtain the AAA template corresponding to the matched user configuration mode or the default user mode according to a preset correspondence between the user mode and the AAA template;
  • the processing module 1107 is configured to initiate AAA authentication or AAA authentication and AAA authorization according to the matched AAA template.
  • the device further includes: a prompting module, configured to prompt that the login fails if the login type of the login user does not match the login type corresponding to the user configuration mode.
  • the device further includes:
  • the configuration module is configured to configure one or more AAA policies
  • a first binding module configured to create an AAA template, and bind the AAA policy to the AAA template
  • the second binding module is configured to bind the AAA template to the user mode.
  • the scenario in which users of the same or different login types use the same or different AAA policies is addressed, and the AAA policy can be used flexibly, making login user management more flexible and convenient.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Information Transfer Between Computers (AREA)

Abstract

Provided are a template-based login user management method, a user login method and a device. The template-based login user management method comprises: configuring one or more authentication, authorization and accounting (AAA) policies; creating an AAA template and binding the AAA policy to the AAA template; creating a user mode of the login user; and binding the AAA template to the user mode. This addresses the scenario in which users having the same or different login types use the same or different AAA policies. The method of the present invention uses the AAA policy flexibly, making login user management more flexible and convenient.

Description

Method for managing login users based on a template, user login method and device

Technical field

The present invention relates to the field of communications technologies, and in particular to a template-based method for managing login users, and a user login method and device.

Background

With existing carrier-class equipment, it is often necessary to log in to the device to configure various services. The login type is generally TELNET (a program for remote login on the Internet), SSH (Secure Shell, a secure shell protocol), WEB, etc.; once the user has been authenticated, configuring the device is permitted. Management of login users is mainly done through AAA, namely Authentication, Authorization, and Accounting.

The authentication method verifies whether a user accessing the device is legitimate, to determine whether to allow the user access; the authorization method determines which services an admitted user may use and which permissions the user has; the accounting method records the user's operations on the device. The three are usually used together.

A common implementation of AAA deploys the AAA method according to login type or user type: once AAA is configured, it takes effect globally for a login type (for example serial port login, TELNET login, SSH login, WEB login) or a user type (login user, ppp user, etc.). This objectively means that the AAA method a user finally gets is constrained by the login type or user type to which the AAA method is bound. Taking the login type as an example, if an AAA method is bound on line vty 1, all users logging in from vty 1 correspond to the same AAA method. If the same user is to get the same AAA method when logging in through different vtys (virtual teletype terminals), or different users are to get different AAA methods when logging in through the same vty, such a deployment is not flexible enough. Likewise, the same situation arises when different AAA methods are deployed for the same user type.

发明内容Summary of the invention

为了解决上述技术问题,发明的实施例提供了一种基于模板的管理登录用户的方法及装置,针对不同的AAA模板设定不同的AAA策略,将该AAA模板绑定到具体用户下,以期实现对用户的不同AAA策略。 In order to solve the above technical problem, an embodiment of the present invention provides a method and a device for managing a login user based on a template, and setting different AAA policies for different AAA templates, and binding the AAA template to a specific user, in order to achieve Different AAA policies for users.

According to one aspect of the invention, a template-based method for managing login users is provided, the method comprising: configuring one or more AAA policies; creating an AAA template and binding the AAA policy to the AAA template; creating a user mode for a login user; and binding the AAA template to the user mode.

Optionally, the AAA template includes one or more of an AAA authentication template, an AAA authorization template and an AAA accounting template.

Optionally, the AAA policy includes at least: the AAA server type in an AAA server group, and the AAA server switching policy in the AAA server group.

Optionally, the method further includes: binding a corresponding login type in the user mode.

Optionally, the user mode includes a default user mode and a user configuration mode.

Optionally, the login type is a console login type, a TELNET login type, an SSH login type, an FTP login type or a WEB login type.

According to another aspect of the invention, a user login method is also provided, the method comprising: obtaining the login information entered by the login user and the login type; determining, from the login information entered by the user, whether a corresponding user configuration mode is configured locally on the device; if so, obtaining the configured login type from the matching user configuration mode; otherwise, obtaining the configured login type from the default user mode; matching the login user's login type against the configured login type and, if they match, obtaining the AAA template corresponding to the matching user configuration mode or the default user mode according to a preset correspondence between user modes and AAA templates; and initiating AAA authentication, or AAA authentication and AAA authorization, according to the AAA template thus obtained.

Optionally, if the login user's login type does not match the login type corresponding to the user configuration mode, a login failure is reported.

Optionally, the method further includes: configuring one or more AAA policies; creating an AAA template and binding the AAA policy to the AAA template; creating a user mode for the login user; and binding the AAA template to the user mode.

According to another aspect of the invention, a template-based apparatus for managing login users is also provided, the apparatus comprising: a configuration module, configured to configure one or more AAA policies; a first binding module, configured to create an AAA template and bind the AAA policy to the AAA template; a creation module, configured to create a user mode; and a second binding module, configured to bind the AAA template to the user mode.

Optionally, the apparatus further includes a third binding module, configured to bind a corresponding login type in the user mode.

According to another aspect of the invention, a user login apparatus is also provided, the apparatus comprising: a first obtaining module, configured to obtain the login information entered by the login user and the login type; a first matching module, configured to determine, from the login information entered by the user, whether a corresponding user configuration mode is configured locally on the device, and, if so, to obtain the configured login type from the matching user configuration mode, or otherwise to obtain the configured login type from the default user mode; a second matching module, configured to match the login user's login type against the configured login type and, if they match, to obtain the AAA template corresponding to the matching user configuration mode or the default user mode according to a preset correspondence between user modes and AAA templates; and a processing module, configured to initiate AAA authentication, or AAA authentication and AAA authorization, according to the AAA template thus obtained.

Optionally, the apparatus further includes a prompting module, configured to report a login failure if the login user's login type does not match the login type corresponding to the user configuration mode.

Optionally, the apparatus further includes: a configuration module, configured to configure one or more AAA policies; a first binding module, configured to create an AAA template and bind the AAA policy to the AAA template; a creation module, configured to create a user mode; and a second binding module, configured to bind the AAA template to the user mode.

Embodiments of the invention address scenarios in which users of the same or different login types use the same or different AAA policies. With the method of the invention, AAA policies can be applied flexibly, making login-user management in those scenarios more flexible and convenient.

Brief description of the drawings

FIG. 1 is the first flowchart of a template-based method for managing login users in an embodiment of the invention;

FIG. 2 is the second flowchart of a template-based method for managing login users in an embodiment of the invention;

FIG. 3 is a diagram of the configuration binding relationship between AAA templates and a local user or the default user mode in an embodiment of the invention;

FIG. 4 is a flowchart of TACACS server authentication and authorization in an embodiment of the invention;

FIG. 5 is a flowchart of RADIUS server authentication and authorization in an embodiment of the invention;

FIG. 6 is a flowchart of TACACS server accounting in an embodiment of the invention;

FIG. 7 is the first flowchart of user login in an embodiment of the invention;

FIG. 8 is the second flowchart of user login in an embodiment of the invention;

FIG. 9 shows the interaction flow among the terminal device, the router and the AAA server in an embodiment of the invention;

FIG. 10 is a schematic structural diagram of the template-based apparatus for managing login users of the invention;

FIG. 11 is a schematic structural diagram of the user login apparatus in an embodiment of the invention.

Detailed description

Exemplary embodiments of the present disclosure are described in more detail below with reference to the accompanying drawings. Although the drawings show exemplary embodiments of the disclosure, it should be understood that the disclosure may be implemented in various forms and should not be limited by the embodiments set forth here. Rather, these embodiments are provided so that the disclosure will be understood more thoroughly and its scope fully conveyed to those skilled in the art.

FIG. 1 shows the first flowchart of a template-based method for managing login users in an embodiment of the invention. The steps are as follows:

Step S101: configure one or more AAA policies.

Optionally, the AAA policy includes at least: the AAA server type in an AAA server group, and the AAA server switching policy in the AAA server group.

The servers in common use today are TACACS (Terminal Access Controller Access Control System), RADIUS (Remote Authentication Dial In User Service) and Diameter (the upgrade protocol of RADIUS); these three are used as examples to explain the configuration policy of AAA templates.

Under an AAA authentication policy, the AAA server type may be none, TACACS, RADIUS, Diameter or local, or a permutation or combination of these types, which determines the server switching policy. A server switching policy is configured for each TACACS, RADIUS and Diameter server group, so that switching takes place within the group when an AAA server is unreachable.

Under an AAA authorization policy, the AAA server type may be none, TACACS, RADIUS or local, or a permutation or combination of these types, which determines the server switching policy. A server switching policy is configured for each TACACS and RADIUS server group, so that switching takes place within the group when an AAA server is unreachable.

Under an AAA accounting policy, the AAA server type may be none, TACACS, RADIUS or local, or a permutation or combination of these types, which determines the server switching policy. A server switching policy is configured for the TACACS and RADIUS servers, so that switching takes place within the group when a server is unreachable.

Step S103: create an AAA template and bind the AAA policy to it.

In embodiments of the invention, the AAA templates include an AAA authentication template, an AAA authorization template and an AAA accounting template. Each kind of AAA template may be bound to the same or different AAA policies; that is, the server type, server switching policy, server group policy and so on can be configured in an AAA template, and the template is then bound under a specified login user. When the user logs in, the AAA template bound to that user is looked up to determine the specific AAA policy.

Step S105: create a user mode for the login user.

That is, the login user's user information (user name and password) is configured, and a user mode corresponding to the login user is generated from that information. Optionally, in embodiments of the invention, the user modes include a default user mode and a user configuration mode. When user information is configured on the server side, no login user has been created on the local device, and the specified AAA templates all use server authentication, embodiments of the invention provide a default user mode, and the AAA templates are bound to it. When a login user matches no locally created user, the AAA policy corresponding to the AAA template bound in the default user mode is used.

Step S107: bind the AAA template to the user mode.

After the AAA templates are configured, create a user named test and bind the AAA templates under that user's configuration as required; the test user can then be used to log in.

In embodiments of the invention, the AAA templates can be bound to the user mode according to the specific situation, for example:

Case 1: because a user login must go through AAA authentication, if the user has no AAA authentication template bound, or the AAA authentication template is misconfigured, then in an environment with terminal output the user should be told explicitly that the authentication configuration is missing or wrong.

Case 2: where the device has a default authorization policy, the user configuration need not bind an AAA authorization template; after the user passes authentication, the default authorization policy grants the user's privileges. When the AAA authorization server or the network is faulty and the server-side authorization result cannot be obtained, the default authorization is also used. Where there is no default authorization policy and the user has no AAA authorization template bound, or the AAA authorization template is misconfigured, then in an environment with terminal output the user should be told explicitly that the authorization configuration is missing or wrong, and the user is not allowed to log in.

Case 3: because the AAA accounting policy is not a mandatory function for login users, no accounting is performed either when the user has an AAA accounting template bound but the AAA accounting function is switched off, or when the accounting function is switched on and the user has an accounting template bound but the template is empty.

FIG. 2 shows the second flowchart of the template-based method for managing login users in an embodiment of the invention. Unlike the method shown in FIG. 1, in FIG. 2 the method further includes, after step S107:

Step S109: bind the corresponding login type in the user configuration mode.

When a certain class of users needs to be restricted to certain login types, the login type is bound by configuration under the specified user or under the default user mode. A user with no login type bound supports any login type by default.

Compared with common user login management, embodiments of the invention allow a very flexible combination of authentication, authorization and accounting methods to be tailored to specific users and specific login types, to suit real login scenarios and customized user management.

As shown in FIG. 3, the binding relationship between AAA templates and user information described in embodiments of the invention is as follows, taking as an example a scenario in which the login user supports AAA server authentication and authorization:

Step S301: configure the server group policies and specify the server group switching policy.

The server group policies include a TACACS group T1 policy, a RADIUS group T2 policy and a Diameter group T3 policy.

Step S303: create AAA authentication template X1 and bind the server group policy to it; create AAA authorization template X2 and bind the server group policy to it; create AAA accounting template X3 and bind the server group policy to it.

Step S305: create user Y and bind AAA authentication template X1 and authorization template X2 under Y, or bind AAA authentication template X1, AAA authorization template X2 and AAA accounting template X3 under Y.

Step S307: bind the login type, where the login types include console, TELNET, SSH, FTP, WEB and so on.

At this point, the association among the AAA server configuration information, the AAA authentication template, the AAA authorization template and the user configuration information has been established.

Examples of actual configuration for the invention follow:

FIG. 4 is a flowchart of TACACS server authentication and authorization in an embodiment of the invention. The scenario in which the user is deployed on the TACACS server side and TACACS server authentication and authorization are performed is as follows:

Step S401: configure two TACACS servers and apply them to the TACACS group policy named T1.

Specifically, the code for step S401 is as follows:

Figure PCTCN2015073660-appb-000001

Step S403: create AAA authentication template 2001, set the authentication type to TACACS, and bind the TACACS group policy to AAA authentication template 2001.

Specifically, the code for step S403 is as follows:

Figure PCTCN2015073660-appb-000002

Step S405: create AAA authorization template 2001, set the authorization type to TACACS, and bind the TACACS group policy to AAA authorization template 2001.

Specifically, the code for step S405 is as follows:

Figure PCTCN2015073660-appb-000003

Figure PCTCN2015073660-appb-000004

Step S407: create user user1, set its password to test (shown in the example as the ciphertext corresponding to test), and bind the AAA authentication template and AAA authorization template created in steps S403 and S405 under user1.

Specifically, the code for step S407 is as follows:

Figure PCTCN2015073660-appb-000005

Step S409: if the user is created on the server side, there is no local user configuration, and authentication, authorization and accounting all use the server, the AAA authentication template and AAA authorization template created in steps S403 and S405 must be bound in the default user mode.

Specifically, the code for step S409 is as follows:

Figure PCTCN2015073660-appb-000006

Figure PCTCN2015073660-appb-000007

Step S411: log in to the device from an access terminal as the deployed user.

FIG. 5 is a flowchart of RADIUS server authentication and authorization in an embodiment of the invention. The scenario in which the user is deployed on the RADIUS server side and RADIUS server authentication and authorization are performed is as follows:

Step S501: configure two RADIUS servers and apply them to the RADIUS group policy named R1.

Specifically, the code for step S501 is as follows:

Figure PCTCN2015073660-appb-000008

Step S503: create AAA authentication template 2002, set the authentication type to RADIUS, and bind the RADIUS group policy to AAA authentication template 2002.

Specifically, the code for step S503 is as follows:

Figure PCTCN2015073660-appb-000009

Step S505: create AAA authorization template 2002, set the authorization type to RADIUS, and bind the RADIUS group policy to AAA authorization template 2002.

Specifically, the code for step S505 is as follows:

Figure PCTCN2015073660-appb-000010

Step S507: create user user1, set its password to test, and bind the AAA authentication template and AAA authorization template created in steps S503 and S505 under user1.

Specifically, the code for step S507 is as follows:

Figure PCTCN2015073660-appb-000011

Step S509: if the user is created on the server side, there is no local user configuration, and authentication, authorization and accounting all use the server, the AAA authentication template and AAA authorization template created in steps S503 and S505 must be bound in the default user mode.

Specifically, the code for step S509 is as follows:

Figure PCTCN2015073660-appb-000012

Figure PCTCN2015073660-appb-000013

Step S511: log in to the device from an access terminal as the deployed user.

The Diameter server is used mainly for user authentication, and its binding policy is similar to that of the TACACS authentication template.

FIG. 6 is a flowchart of TACACS server accounting in an embodiment of the invention. Because the AAA accounting policy is not a mandatory function for login users, it differs slightly from the AAA authentication and authorization functions in that it needs a configuration enable switch, which is off by default. Taking the TACACS server accounting function as an example, the configuration is as follows:

Step S601: create AAA accounting template 2003, set the accounting type to TACACS, and bind the TACACS group policy to AAA accounting template 2003. Specifically, the code for step S601 is as follows:

Figure PCTCN2015073660-appb-000014

Step S603: enable the accounting function in the configuration mode of user user1, and bind AAA accounting template 2003 created in step S601 under user1.

Specifically, the code for step S603 is as follows:

Figure PCTCN2015073660-appb-000015

Step S605: if the user is created on the server side and there is no local user configuration, enable the accounting function in the default user mode, for example:

Specifically, the code for step S605 is as follows:

Figure PCTCN2015073660-appb-000016

All operations by the user after login are now accounted according to the policy of AAA accounting template 2003. No accounting is performed if the accounting function is switched off (accounting-switch off) while the user has an AAA accounting template bound, or if the accounting function is switched on and the user has an accounting template bound but the template is empty.

When a user's login types need to be restricted, bind the corresponding login types in the user configuration mode. Common login types are console, TELNET, SSH, FTP, WEB and so on; the access types presented depend on the network device's actual access scenario. The command used in this example is login-type. An example that restricts a user to TELNET and SSH login:

Figure PCTCN2015073660-appb-000017

An example of restricting the login types of server-side users when no user is configured locally:

Figure PCTCN2015073660-appb-000018

Figure PCTCN2015073660-appb-000019

Once the configuration for the above scenarios is complete, the specified user can log in to the device.

FIG. 7 shows the first flowchart of user login in an embodiment of the invention. The steps are as follows:

Step S701: obtain the login information entered by the login user and the login type.

Step S703: determine, from the login information entered by the user, whether a corresponding user configuration mode is configured locally on the device; if so, obtain the configured login type from the matching user configuration mode; otherwise, obtain the configured login type from the default user mode.

Step S705: match the login user's login type against the configured login type; if they match, obtain the AAA template corresponding to the matching user configuration mode or the default user mode according to the preset correspondence between user modes and AAA templates.

Step S707: initiate AAA authentication, or AAA authentication and AAA authorization, according to the AAA template thus obtained.

In embodiments of the invention, if the login user's login type does not match the login type corresponding to the user configuration mode, a login failure is reported.

In embodiments of the invention, the preset correspondence between user modes and AAA templates can be established as follows: first, configure one or more AAA policies; next, create an AAA template and bind the AAA policy to it; then create a user mode for the login user; finally, bind the AAA template to the user mode.

FIG. 8 shows the second flowchart of user login in an embodiment of the invention. The user login flow is as follows:

Step S801: obtain the login user's user name and password.

Step S803: determine, from the user name and password entered by the user, whether a corresponding user mode is configured in the device's local user list. If so, go to step S807; otherwise, go to step S805.

Step S805: obtain the login type from the default user mode.

Step S807: obtain the login type of the locally configured user mode.

Step S809: if the login user's login type matches the configured login type, go to step S811; otherwise, give the corresponding error prompt.

Step S811: obtain the corresponding AAA methods (authentication, authorization, accounting) from the matching user or from the default user mode.

Step S813: initiate authentication and authorization requests using the specified AAA methods and wait for the device or the server to respond. If authentication and authorization succeed, the user has logged in successfully.

When authentication and authorization templates numbered 2001 are bound under user user1 and the user logs in through the specified access terminal, the actual interaction among the terminal device, the device (carrier-class switch or router) and the AAA server is as shown in FIG. 9. Taking a router as the device: the router prompts the terminal device for a user name and password; after the terminal device enters "user1" (user name) and "test" (password), the router matches the AAA policy by user name and password, then sends authentication and authorization requests to the AAA server based on the matched AAA policy; once authentication and authorization succeed, the router allows the terminal device to log in.
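The login decision of steps S801 to S813, combined with Case 1 and Case 2 of the template binding rules, is shown here as an added Python example; it is not code from the patent, whose configuration listings are not reproduced on this page. All class and function names, the privilege levels, the 192.0.2.x addresses and the password s3cret are assumptions constructed for the illustration, as are two behaviours: the user mode is looked up by user name, and the login fails closed when no authentication server answers.

```python
"""Model of the template-based login decision (steps S801-S813, cases 1 and 2).

Every name below is illustrative; no real device CLI or AAA protocol is modelled.
"""
from dataclasses import dataclass
from typing import Dict, List, NamedTuple, Optional, Set


class ServerUnreachable(Exception):
    """Raised by the transport stub when an AAA server does not answer."""


@dataclass
class AaaTemplate:
    number: int
    server_type: str   # "tacacs", "radius" or "diameter"
    group: List[str]   # servers of the bound group, in switching order


@dataclass
class UserMode:
    name: str
    authen: Optional[AaaTemplate] = None
    author: Optional[AaaTemplate] = None
    login_types: Optional[Set[str]] = None  # None: nothing bound, any type allowed


@dataclass
class Device:
    users: Dict[str, UserMode]
    default_mode: UserMode
    default_privilege: Optional[int] = None  # default authorization policy, if any


class LoginResult(NamedTuple):
    ok: bool
    reason: str
    mode: str
    privilege: Optional[int] = None


def ask_group(tpl, kind, user, pw, query):
    """Intra-group switching: try each server in order until one answers."""
    for server in tpl.group:
        try:
            return True, query(tpl.server_type, server, kind, user, pw)
        except ServerUnreachable:
            continue
    return False, None


def login(dev, user, pw, login_type, query):
    # S803-S807: a locally configured user mode wins, else the default user mode.
    mode = dev.users.get(user, dev.default_mode)
    # S809: compare the session's login type with the types bound to that mode.
    if mode.login_types is not None and login_type not in mode.login_types:
        return LoginResult(False, "login type not allowed", mode.name)
    # Case 1: authentication is mandatory, so a missing template is reported.
    if mode.authen is None:
        return LoginResult(False, "authentication template missing", mode.name)
    # S811-S813: authenticate through the server group bound to the template.
    reached, answer = ask_group(mode.authen, "authen", user, pw, query)
    if not reached:  # assumption: fail closed when no server answers
        return LoginResult(False, "no authentication server reachable", mode.name)
    if answer is None:
        return LoginResult(False, "authentication rejected", mode.name)
    # Case 2: authorize through the template; fall back to the default policy
    # when no template is bound or no authorization server can be reached.
    if mode.author is not None:
        reached, priv = ask_group(mode.author, "author", user, pw, query)
        if reached and priv is None:
            return LoginResult(False, "authorization rejected", mode.name)
        if reached:
            return LoginResult(True, "ok", mode.name, priv)
    if dev.default_privilege is None:
        return LoginResult(False, "no authorization result, no default policy", mode.name)
    return LoginResult(True, "default authorization", mode.name, dev.default_privilege)


def build_demo():
    """Constructed sample: TACACS group T1 whose first server is down."""
    t1 = ["192.0.2.1", "192.0.2.2"]   # documentation-range addresses
    down = {"192.0.2.1"}
    accounts = {"user1": ("test", 15), "remote1": ("s3cret", 1)}  # server-side records

    def query(server_type, server, kind, user, pw):
        if server in down:
            raise ServerUnreachable(server)
        record = accounts.get(user)
        if record is None or (kind == "authen" and record[0] != pw):
            return None
        return record[1]

    authen = AaaTemplate(2001, "tacacs", t1)
    author = AaaTemplate(2001, "tacacs", t1)
    user1 = UserMode("user1", authen, author, {"telnet", "ssh"})
    default = UserMode("default", authen, author, None)
    return Device({"user1": user1}, default), query
```

Calling `login(*build_demo()[:1], ...)` style experiments with a different `query` stub makes it easy to see which branch a given outage or missing binding takes.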

如图10所示,为本发明的基于模板管理登录用户的装置的结构示意图,该装置包括:配置模块1001、第一绑定模块1003、创建模块1005和第二绑定模块1007,其中As shown in FIG. 10, it is a schematic structural diagram of an apparatus for managing a login user based on a template according to the present invention. The apparatus includes: a configuration module 1001, a first binding module 1003, a creating module 1005, and a second binding module 1007, wherein

配置模块1001,设置为配置一种或多种AAA策略;目前常见的服务器为TACACS(终端访问控制器访问控制系统)、RADIUS(远程用户拨号认证系统)和Diameter(RADIUS的升级协议)三种,以这三种为例,说明AAA模板的配置策略。在AAA认证策略下,AAA服务器类型可以指定none、TACACS、RADIUS、Diameter、local(本地),或者这些类型的排列组合,以确定服务器切换的策略。对TACACS、RADIUS和Diameter服务器组配置相应的服务器切换策略,当某个AAA服务器不通时进行组内切换。在AAA授权策略下,AAA服务器类型可以指定none、TACACS、RADIUS、local,或者这些类型的排列组合,以确定服务器切换的策略。对TACACS和RADIUS服务器组配置相应的服务器切换策略,当某个AAA服务器不通时进行组内切换。在AAA记账策略下,AAA服务器类型可以指定none、TACACS、RADIUS、local,或者这些类型的排列组合,以确定服务器切换的策略。对TACACS和RADIUS服务器配置相应的服务器切换策略,当某个服务器不通时进行组内切换。The configuration module 1001 is configured to configure one or more AAA policies; currently, the common servers are TACACS (Terminal Access Controller Access Control System), RADIUS (Remote User Dial-Up Authentication System), and Diameter (RADIUS Upgrade Protocol). Take these three examples as an example to describe the configuration policy of the AAA template. Under the AAA authentication policy, the AAA server type can specify none, TACACS, RADIUS, Diameter, local, or a combination of these types to determine the policy of server switching. Configure the corresponding server switching policy for the TACACS, RADIUS, and Diameter server groups. When an AAA server fails, perform intra-group switching. Under the AAA authorization policy, the AAA server type can specify none, TACACS, RADIUS, local, or a combination of these types to determine the policy of server switching. Configure the corresponding server switching policy for the TACACS and RADIUS server groups. If an AAA server fails, perform intra-group switching. Under the AAA accounting policy, the AAA server type can specify none, TACACS, RADIUS, local, or a combination of these types to determine the policy for server switching. Configure the corresponding server switching policy for TACACS and RADIUS server, and perform intra-group switching when a server fails.

The first binding module 1003 is configured to create an AAA template and bind the AAA policy to the AAA template. In an embodiment of the present invention, the AAA templates include an AAA authentication template, an AAA authorization template, and an AAA accounting template, and each AAA template can be bound to the same or different AAA policies. That is, the server type, the server switching policy, the server group policy, and so on can be configured in the AAA template, and the AAA template is then bound under the specified login user. When the user logs in, the AAA template bound to that user is looked up to determine the specific AAA policy.

The creating module 1005 is configured to create a user mode; that is, to configure the user information (user name and password) of the login user and to generate, based on that user information, the user mode corresponding to the login user. Optionally, in an embodiment of the present invention, the user modes include a default user mode and a user configuration mode. When the user information is configured on the server side, no login user has been created on the local device, and the specified AAA templates all use server authentication, the embodiment of the present invention provides the default user mode and binds the AAA template to it. When the login user does not match any locally created user, the AAA method corresponding to the AAA template bound under the default user mode is used.

The second binding module 1007 is configured to bind the AAA template to the user mode.

Compared with common user login management, embodiments of the present invention can tailor a very flexible combination of authentication, authorization, and accounting to specific users and specific login types, to suit actual user login scenarios and customized user management.

Optionally, in another embodiment of the present invention, the apparatus further includes a third binding module, configured to bind the corresponding login type under the user mode. When a certain class of users needs to be restricted to certain login types, the login type is bound by configuration under the specified user or under the default user mode. When no login type is bound to a user, any login type is supported by default.

FIG. 11 is a schematic structural diagram of an apparatus for user login in an embodiment of the present invention. The apparatus includes:

a first obtaining module 1101, configured to obtain the login information input by the login user;

a first matching module 1103, configured to determine, from the login information input by the user, whether a corresponding user configuration mode is configured locally on the device; if one matches, the configured login type is obtained from the matched user configuration mode; otherwise, the configured login type is obtained from the default user mode;

a second matching module 1105, configured to match the login type of the login user against the configured login type and, if they match, to obtain the AAA template corresponding to the matched user configuration mode or the default user mode according to the preset correspondence between user modes and AAA templates;

a processing module 1107, configured to initiate AAA authentication, or AAA authentication and AAA authorization, according to the matched AAA template.

Optionally, the apparatus further includes a prompting module, configured to prompt that the login has failed if the login type of the login user does not match the login type corresponding to the user configuration mode.
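The login flow carried out by modules 1103 to 1107, including server switching inside a group, as an added Python example that is not code from the patent. Matching by user name, treating `none` as accept without contacting a server, stopping on an explicit reject, and every name and address below are assumptions.

```python
import hmac
from dataclasses import dataclass, field

class Unreachable(Exception):
    """A server in the group did not answer."""

@dataclass
class AAAPolicy:
    methods: list                                # ordered server types, e.g. ["tacacs", "local"]
    groups: dict = field(default_factory=dict)   # server type -> ordered servers in its group

@dataclass
class UserMode:
    auth_template: AAAPolicy                     # AAA authentication template bound to the mode
    login_types: frozenset = frozenset()         # empty: nothing bound, any login type allowed

def resolve_mode(username, login_type, user_modes, default_mode):
    """Modules 1103/1105: pick the user mode, then check its bound login types."""
    mode = user_modes.get(username, default_mode)   # no local match -> default user mode
    if mode.login_types and login_type not in mode.login_types:
        return None                                 # login type mismatch: login fails
    return mode

def authenticate(policy, username, password, backend):
    """Module 1107: walk the method list, switching only when a server is unreachable."""
    trail = []                                      # (method, server, outcome) per attempt
    for method in policy.methods:
        if method == "none":                        # assumption: none = no authentication
            trail.append(("none", None, "accept"))
            return True, trail
        for server in policy.groups.get(method, [method]):
            try:
                ok = backend(method, server, username, password)
            except Unreachable:
                trail.append((method, server, "unreachable"))
                continue                            # intra-group switch to the next server
            trail.append((method, server, "accept" if ok else "reject"))
            return ok, trail                        # assumption: a server's answer is final
    return False, trail                             # every server of every method was down

def login(username, password, login_type, user_modes, default_mode, backend):
    mode = resolve_mode(username, login_type, user_modes, default_mode)
    if mode is None:
        return False, [("login-type", login_type, "mismatch")]
    return authenticate(mode.auth_template, username, password, backend)

# Constructed sample data (documentation addresses, made-up credentials).
DOWN = {"192.0.2.1"}
LOCAL_USERS = {"admin": "s3cret"}

def sample_backend(method, server, username, password):
    if server in DOWN:
        raise Unreachable(server)
    if method == "local":
        return username in LOCAL_USERS and hmac.compare_digest(LOCAL_USERS[username], password)
    return (username, password) == ("ops", "pw")    # what the constructed remote servers accept

USER_MODES = {"admin": UserMode(AAAPolicy(["local"]), frozenset({"console", "ssh"}))}
DEFAULT_MODE = UserMode(AAAPolicy(["tacacs", "local"], {"tacacs": ["192.0.2.1", "192.0.2.2"]}))
```

The returned trail records which method and server actually decided each login, so a login admitted by a later entry in the list (including `none`) is visible in the result.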

Optionally, the apparatus further includes:

a configuration module, configured to configure one or more AAA policies;

a first binding module, configured to create an AAA template and bind the AAA policy to the AAA template;

a creating module, configured to create a user mode; and

a second binding module, configured to bind the AAA template to the user mode.

The above are preferred embodiments of the present invention. It should be noted that those of ordinary skill in the art can make a number of improvements and refinements without departing from the principles of the present invention, and these improvements and refinements should also be regarded as falling within the scope of protection of the present invention.

Industrial applicability

As described above, the foregoing embodiments and preferred implementations address the scenario in which users of the same or different login types use the same or different AAA policies. With the method of the present invention, AAA policies can be used flexibly, making login user management in that scenario more flexible and convenient.

Claims (14)

1. A template-based method for managing login users, the method comprising:
configuring one or more AAA policies;
creating an AAA template, and binding the AAA policy to the AAA template;
creating a user mode for the login user; and
binding the AAA template to the user mode.

2. The method of claim 1, wherein the AAA template comprises one or more of an AAA authentication template, an AAA authorization template, and an AAA accounting template.

3. The method of claim 1, wherein the AAA policy comprises at least: the AAA server type in an AAA server group and the AAA server switching policy in the AAA server group.

4. The method of claim 1, wherein the method further comprises: binding the corresponding login type under the user mode.

5. The method of claim 4, wherein the user mode comprises: a default user mode and a user configuration mode.

6. The method of claim 5, wherein the login type is: a console login type, a TELNET login type, an SSH login type, an FTP login type, or a WEB login type.

7. A method for user login, the method comprising:
obtaining the login information and the login type input by the login user;
determining, from the login information input by the user, whether a corresponding user configuration mode is configured locally on the device; if one matches, obtaining the configured login type from the matched user configuration mode; otherwise, obtaining the configured login type from the default user mode;
matching the login type of the login user against the configured login type and, if they match, obtaining the AAA template corresponding to the matched user configuration mode or the default user mode according to the preset correspondence between user modes and AAA templates; and
initiating AAA authentication, or AAA authentication and AAA authorization, according to the matched AAA template.

8. The method of claim 7, wherein, if the login type of the login user does not match the login type corresponding to the user configuration mode, a login failure is prompted.

9. The method of claim 7, wherein the method further comprises:
configuring one or more AAA policies;
creating an AAA template, and binding the AAA policy to the AAA template;
creating a user mode for the login user; and
binding the AAA template to the user mode.

10. An apparatus for managing login users based on a template, the apparatus comprising:
a configuration module, configured to configure one or more AAA policies;
a first binding module, configured to create an AAA template and bind the AAA policy to the AAA template;
a creating module, configured to create a user mode; and
a second binding module, configured to bind the AAA template to the user mode.

11. The apparatus of claim 10, wherein the apparatus further comprises:
a third binding module, configured to bind the corresponding login type under the user mode.

12. An apparatus for user login, the apparatus comprising:
a first obtaining module, configured to obtain the login information and the login type input by the login user;
a first matching module, configured to determine, from the login information input by the user, whether a corresponding user configuration mode is configured locally on the device; if one matches, to obtain the configured login type from the matched user configuration mode; otherwise, to obtain the configured login type from the default user mode;
a second matching module, configured to match the login type of the login user against the configured login type and, if they match, to obtain the AAA template corresponding to the matched user configuration mode or the default user mode according to the preset correspondence between user modes and AAA templates; and
a processing module, configured to initiate AAA authentication, or AAA authentication and AAA authorization, according to the matched AAA template.

13. The apparatus of claim 12, wherein the apparatus further comprises: a prompting module, configured to prompt that the login has failed if the login type of the login user does not match the login type corresponding to the user configuration mode.

14. The apparatus of claim 12, wherein the apparatus further comprises:
a configuration module, configured to configure one or more AAA policies;
a first binding module, configured to create an AAA template and bind the AAA policy to the AAA template;
a creating module, configured to create a user mode; and
a second binding module, configured to bind the AAA template to the user mode.
PCT/CN2015/073660 2014-11-25 2015-03-04 Template based logged in user management method, user login method and device Ceased WO2016082366A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201410687347.8 2014-11-25
CN201410687347.8A CN105704089A (en) 2014-11-25 2014-11-25 Template-based login user management method, user login method and device

Publications (1)

Publication Number Publication Date
WO2016082366A1 true WO2016082366A1 (en) 2016-06-02

Family

ID=56073445

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2015/073660 Ceased WO2016082366A1 (en) 2014-11-25 2015-03-04 Template based logged in user management method, user login method and device

Country Status (2)

Country Link
CN (1) CN105704089A (en)
WO (1) WO2016082366A1 (en)


Also Published As

Publication number Publication date
CN105704089A (en) 2016-06-22


Legal Events

Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application (Ref document number: 15862492; Country of ref document: EP; Kind code of ref document: A1)
NENP Non-entry into the national phase (Ref country code: DE)
122 Ep: pct application non-entry in european phase (Ref document number: 15862492; Country of ref document: EP; Kind code of ref document: A1)