
Method for searching a user's authentication domain in a distributed database system

IP.com Disclosure Number: IPCOM000196274D
Publication Date: 2010-May-28
Document File: 2 page(s) / 22K

Publishing Venue

The IP.com Prior Art Database

Abstract

Method for searching a user's authentication domain in a distributed database system

This text was extracted from a PDF file.
This is the abbreviated version, containing approximately 52% of the total text.


Method for searching a user's authentication domain in a distributed database system

In a distributed system such as NIS or LDAP, user data is typically stored on a centralized server, and other servers on the network (the clients) are allowed to access it. When a user tries to log in, the client OS tries to authenticate the user by searching for that user in a predefined linked list. This list is built from the remote module entries defined in a local configuration file (for example, in AIX® it is /usr/lib/security/methods.cfg).

In the normal situation this linked list contains the local system (on AIX, "BUILTIN") first, followed by the remote modules in the sequence in which they are defined in the configuration file. The problem with this approach is that for a remote user, i.e. a user defined on NIS or LDAP, the local system is searched first, followed by the other modules in configuration-file order, and the user may not exist in the modules consulted before the right one is reached. Each such miss is a failed lookup before the next module is tried.

This causes unnecessary delay in authenticating the user.

A workaround to this problem in AIX is to set the SYSTEM attribute for all remote users in the local /etc/security/user file.

The SYSTEM attribute names the module through which the user is to be authenticated. If this is done, the search linked list has the module named by the SYSTEM attribute value in that user's stanza first in the list.
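The search-order construction and the SYSTEM-attribute workaround described above, modelled in Python as an added example (this is not code from the disclosure or from AIX). The two configuration files are constructed samples in the AIX stanza format; the BUILTIN-first ordering and the single-module SYSTEM handling follow the text's description and are a simplification of what AIX actually supports (the real SYSTEM grammar also allows AND/OR expressions and keywords such as "compat"):

```python
"""Model of the authentication-module search order described in the text."""
from typing import Dict, List

# Constructed sample of /usr/lib/security/methods.cfg ('*' starts a comment).
METHODS_CFG = """\
* constructed sample, not a real configuration
LDAP:
        program = /usr/lib/security/LDAP
        program_64 = /usr/lib/security/LDAP64

NIS:
        program = /usr/lib/security/NIS
        program_64 = /usr/lib/security/NIS64
"""

# Constructed sample of /etc/security/user. alice carries the SYSTEM
# workaround from the text; bob does not.
SECURITY_USER = """\
default:
        registry = files

alice:
        SYSTEM = "LDAP"
        registry = LDAP

bob:
        registry = NIS
"""

LOCAL_MODULE = "BUILTIN"  # name the text uses for the local (files) module


def parse_stanzas(text: str) -> Dict[str, Dict[str, str]]:
    """Parse the AIX stanza format: 'name:' opens a stanza, indented 'attr = value' lines fill it."""
    stanzas: Dict[str, Dict[str, str]] = {}
    current = None
    for raw in text.splitlines():
        line = raw.split("*", 1)[0].rstrip()  # drop comments
        if not line.strip():
            continue
        if not line[0].isspace() and line.endswith(":"):
            current = line[:-1]
            stanzas[current] = {}
        elif current is not None and "=" in line:
            attr, value = (part.strip() for part in line.split("=", 1))
            stanzas[current][attr] = value.strip('"')
        else:
            raise ValueError(f"malformed stanza line: {raw!r}")
    return stanzas


def search_list(user: str, methods_cfg: str = METHODS_CFG,
                security_user: str = SECURITY_USER) -> List[str]:
    """Search order for `user`: BUILTIN, then the remote modules in methods.cfg
    order. A SYSTEM attribute in the user's own stanza moves that module to the
    front. (Simplified model: one module name per SYSTEM value.)"""
    remote = list(parse_stanzas(methods_cfg))
    order = [LOCAL_MODULE] + remote
    system = parse_stanzas(security_user).get(user, {}).get("SYSTEM")
    if system in order:
        order.remove(system)
        order.insert(0, system)
    return order


def modules_probed(user: str, home_module: str, **cfg) -> int:
    """How many modules the client consults before reaching the one where the
    account really lives; every probe before that is a wasted lookup."""
    return search_list(user, **cfg).index(home_module) + 1


def system_stanza(user: str, module: str) -> str:
    """Render the /etc/security/user stanza the workaround needs for one remote user."""
    return f'{user}:\n        SYSTEM = "{module}"\n        registry = {module}\n'


if __name__ == "__main__":
    for user, home in (("alice", "LDAP"), ("bob", "NIS")):
        print(user, search_list(user), "probes:", modules_probed(user, home))
    # The workaround requires one such stanza per remote user on every client.
    print(system_stanza("bob", "NIS"))
```

With the sample files, bob (an NIS user without a SYSTEM attribute) is looked up in BUILTIN and LDAP before NIS is consulted, while alice (SYSTEM = "LDAP") is found on the first probe; system_stanza shows the per-user entry an administrator would have to maintain on each client for every remote user to get the same effect.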

The following are the drawbacks of this approach:

1. The client system administrator needs to update the /etc/security/user file manually for all the remote users. Considering that a remote module now commonly holds thousands of users, this can be a huge task for the client system administrator.
2. If any additions or deletions of users take place on the centralized server, the client will not know about it automatically a...