Chapter 14. Network-Based Authentication Systems
Any system that is designed to provide services over a network needs to have several fundamental capabilities:

- A system for storing information on a network server
- A mechanism for updating the stored information
- A mechanism for distributing the information to other computers on the network

Early systems performed these functions and little else. In a friendly network environment, these are the only capabilities that are needed.

However, in an environment that is potentially hostile, or when an organization's network is connected to an external network that is not under that organization's control, security becomes a concern. To provide some degree of security for network services, the following additional capabilities are required:
- Server authentication: Clients need to have some way of verifying that the server they are communicating with is a valid server.
- Client authentication: Servers need to know that the clients are valid.
- User authentication: There needs to be a mechanism for verifying that the user sitting in front of a client workstation is, in fact, who the user claims to be.
- Data integrity: A system is required for verifying that the data received over the network has not been modified during its transmission.
- Data confidentiality: A system is required for protecting information sent over the network from eavesdropping. Users should have access only to information to which they are entitled.
- Transaction audit: There needs to be some way to record general details of what happened, who caused it to happen, and when it happened.
These capabilities are independent of one another. A system can provide for client authentication and user authentication but still require that the clients implicitly trust that the servers on the network are, in fact, legitimate servers. A system can provide for authentication of the users and the computers but send all information without encryption or digital signatures, making it susceptible to modification or monitoring en route.

Obviously, the most secure network systems provide all of these network security capabilities (and often more).
This chapter considers the problem of user authentication in an environment in which there are multiple workstations available to users, connected through an untrusted and potentially insecure network. For convenience, we'd like to have user account data stored on a central server, but for redundancy we might like to have that central server's data replicated on other servers in real time. For security, we need to ensure that when a user logs into a workstation, his identity is authenticated against the central server's data store without exposing private data on the untrusted network. As we'll see, several solutions to this problem have been offered—including NIS, NIS+, Kerberos, and LDAP—but none has been universally adopted.
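To make the requirement concrete, here is an added example (not code from the book, and not how NIS, Kerberos or LDAP actually work) of the central-server login problem just described: a workstation proves the user's password to an account server over an untrusted network without ever sending the password. It uses a challenge-response exchange keyed by a password-derived key, a single-use nonce so a captured exchange cannot be replayed, and an audit record for every decision, so it touches the user-authentication, data-integrity and transaction-audit capabilities from the list above. The account name, password and wire format are constructed for the demo. Note what it deliberately does not provide: server authentication (the client cannot tell whether the challenge came from the real server) and confidentiality of anything other than the password; those are the gaps the later sections on Kerberos and LDAP over TLS address.

```python
import hashlib
import hmac
import os

# Constructed sample credentials for the demo; not real accounts.
USERNAME = "alice"
PASSWORD = "correct horse battery staple"
PBKDF2_ROUNDS = 100_000


def derive_key(password: str, salt: bytes) -> bytes:
    """Slow, salted password derivation: both sides compute the same key,
    but the server stores only this key, never the password itself."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)


class AuthServer:
    """Central account store (hypothetical).  Holds a per-user (salt, key)
    verifier, issues single-use challenges, and keeps an audit trail."""

    def __init__(self):
        self.accounts = {}   # username -> (salt, derived key)
        self.pending = {}    # username -> outstanding nonce (consumed on use)
        self.audit = []      # (username, outcome) records

    def enroll(self, username: str, password: str) -> None:
        salt = os.urandom(16)
        self.accounts[username] = (salt, derive_key(password, salt))

    def challenge(self, username: str) -> tuple:
        """Return (salt, nonce).  Unknown users get a random salt so the
        exchange does not reveal which accounts exist."""
        salt = self.accounts[username][0] if username in self.accounts else os.urandom(16)
        nonce = os.urandom(16)
        self.pending[username] = nonce
        return salt, nonce

    def verify(self, username: str, nonce: bytes, response: bytes) -> bool:
        """Accept only a fresh nonce with the matching HMAC; audit every decision."""
        issued = self.pending.pop(username, None)   # consume it: one challenge, one answer
        if issued is None or not hmac.compare_digest(issued, nonce):
            self.audit.append((username, "rejected: unknown or reused challenge"))
            return False
        if username not in self.accounts:
            self.audit.append((username, "rejected: no such account"))
            return False
        _, key = self.accounts[username]
        expected = hmac.new(key, nonce + username.encode(), hashlib.sha256).digest()
        ok = hmac.compare_digest(expected, response)   # constant-time comparison
        self.audit.append((username, "accepted" if ok else "rejected: bad response"))
        return ok


def client_response(username: str, password: str, salt: bytes, nonce: bytes) -> bytes:
    """Workstation side: prove knowledge of the password by keying an HMAC over
    the challenge, so only the proof travels over the network."""
    key = derive_key(password, salt)
    return hmac.new(key, nonce + username.encode(), hashlib.sha256).digest()


def login(server: AuthServer, username: str, password: str, wire: list) -> bool:
    """One exchange; every message is recorded in `wire` so we can check what an
    eavesdropper on the untrusted network would see."""
    salt, nonce = server.challenge(username)
    wire.append(("server->client", {"salt": salt, "nonce": nonce}))
    response = client_response(username, password, salt, nonce)
    wire.append(("client->server", {"user": username.encode(), "nonce": nonce, "response": response}))
    return server.verify(username, nonce, response)


def demo() -> dict:
    server = AuthServer()
    server.enroll(USERNAME, PASSWORD)
    wire = []
    good = login(server, USERNAME, PASSWORD, wire)
    bad = login(server, USERNAME, "wrong password", wire)
    # Replay: resend the client message from the successful exchange verbatim.
    replayed = wire[1][1]
    replay = server.verify(USERNAME, replayed["nonce"], replayed["response"])
    # Did the password itself ever cross the network?
    leaked = any(PASSWORD.encode() in field for _, msg in wire for field in msg.values())
    return {
        "good_login": good,
        "bad_password": bad,
        "replay": replay,
        "password_on_wire": leaked,
        "audit": server.audit,
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Running `demo()` accepts the correct password, rejects the wrong one, rejects the replayed exchange because its nonce was consumed, and confirms the password bytes never appear on the wire; the audit list records all three decisions in order. The server stores a PBKDF2-derived key rather than the password so that a copy of the account database is not directly reusable as a list of passwords, although anyone holding that database can still answer challenges, which is why the central store itself must be protected as carefully as the network exchange.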