
Mechanism for Supporting Multiple Authentication Servers

IP.com Disclosure Number: IPCOM000107759D
Original Publication Date: 1992-Mar-01
Included in the Prior Art Database: 2005-Mar-22
Document File: 2 page(s) / 67K

Publishing Venue

IBM

Related People

Langford, JS: AUTHOR

Abstract

Disclosed is a mechanism for supporting multiple authentication servers on a UNIX* based operating system. An authentication server is a mechanism that maps a user name to a unique user id number and authenticates the identity of the user. When there are multiple servers available on a system, there must be a way to decide which server to use and when to use it.

This text was extracted from an ASCII text file.
This is the abbreviated version, containing approximately 52% of the total text.

      The authentication server on a traditional UNIX system uses the
"/etc/passwd" file for username/userid translation and password
authentication.  The users listed in this file are referred to as
"local" users.  Other authentication servers currently exist, such as
YP** and PasswdEtc***. These have been implemented by hard coding
algorithms into login code, etc., to recognize and call the various
server specific routines.  There needs to be a way to support
alternate authentication servers without having to modify object
code.

      In this proposed mechanism, the traditional password file is
used to map the relationship between multiple authentication servers
and/or local users.  An invalid username is used to label each
server; for example, "~pe" may indicate the PasswdEtc authentication
server.  These entries are inserted into the local password file.
Their relative position in the file and (possibly) the values in
their colon delimited fields determine the behavior of the system.
Valid local usernames may be interspersed in the file along...
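
The following is an added example, not code from the disclosure: a sketch of how login code might read server labels out of the password file instead of hard coding each server. The "~" prefix convention, the "~yp" label, the first-match top-to-bottom rule, the dictionary-backed server stubs and the function names are all assumptions, since the full rules fall in the part of the text not included here.

```python
# Constructed sample password file. "~pe" is the label used in the text;
# "~yp" and every account shown are made up for this example.
SAMPLE_PASSWD = """\
root:!:0:0::/:/bin/sh
alice:!:201:1::/home/alice:/bin/sh
~pe:*:::::
bob:!:202:1::/home/bob:/bin/sh
~yp:*:::::
"""

MARKER_PREFIX = "~"  # assumption: every server label starts with "~"

# Stub servers (assumption): label -> callable mapping a username to a uid or None.
SERVERS = {
    "~pe": {"carol": 5001, "bob": 5002}.get,
    "~yp": {"dave": 6001}.get,
}

def parse_passwd(text):
    """Return entries in file order as (kind, name, remaining_fields)."""
    entries = []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        fields = line.split(":")
        if len(fields) != 7:
            raise ValueError(f"line {lineno}: expected 7 colon-delimited fields")
        name = fields[0]
        kind = "server" if name.startswith(MARKER_PREFIX) else "local"
        entries.append((kind, name, fields[1:]))
    return entries

def resolve(username, entries, servers):
    """Walk the file top to bottom; the first source that knows the user wins."""
    if username.startswith(MARKER_PREFIX):
        return None  # a server label is never accepted as a login name
    for kind, name, fields in entries:
        if kind == "local" and name == username:
            return ("local", int(fields[1]))  # fields[1] is the uid column
        if kind == "server":
            lookup = servers.get(name)  # unknown label: skip it, fail closed
            uid = lookup(username) if lookup else None
            if uid is not None:
                return (name, uid)
    return None
```

Under the assumed ordering rule, `bob` resolves through "~pe" rather than his local entry because the label precedes his line, which is the kind of position-dependent behavior an administrator would need to audit when editing the file.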