Any system that is designed to provide services over a network needs to have several fundamental capabilities:
A system for storing information on a network server
A mechanism for updating the stored information
A mechanism for distributing the information to other computers on the network
Early systems performed these functions and little else. In a friendly network environment, these are the only capabilities that are needed.
However, in an environment that is potentially hostile, or when an organization's network is connected to an external network that is not under that organization's control, security becomes a concern. To provide some degree of security for network services, the following additional capabilities are required:
Clients need to have some way of verifying that the server they are communicating with is a valid server.
Servers need to know that the clients are valid.
There needs to be a mechanism for verifying that the user sitting in front of a client workstation is, in fact, who the user claims to be.
A system is required for verifying that the data received over the network has not been modified during its transmission.
A system is required for protecting information sent over the network from eavesdropping. Users should have access only to information to which they are entitled.
There needs to be some way to record general details of what happened, who caused it to happen, and when it happened.
These capabilities are independent of one another. A system can provide for client authentication and user authentication, but also require that the clients implicitly trust that the servers on the network are, in fact, legitimate servers. A system can provide for authentication of the users and the computers but send all information without encryption or digital signatures, making it susceptible to modification or monitoring en route.
Obviously, the most secure network systems provide all of these network security capabilities (and often more).
This chapter considers the problem of user authentication in an environment in which there are multiple workstations available to users, connected through an untrusted and potentially unsecure network. For convenience, we'd like to have user account data stored on a central server, but for redundancy we might like to have that central server's data replicated on other servers in real time. For security, we need to ensure that when a user logs into a workstation, his identity is authenticated against the central server's data store without exposing private data on the untrusted network. As we'll see, several solutions to this problem have been offered, including NIS, NIS+, Kerberos, and LDAP, but none has been universally adopted.