Before you can begin working with your computer, you have to log in. At least, this is true in the UNIX world and corporate Windows world. In order to gain access to the computer, the installed software, and data, you have to prove who you are. This is the authentication problem (or solution, depending on your view). Typically, you have to provide two items: a user name and a password. Only if the user name exists in the user database and the password matches, will you gain or be granted access.
Traditionally, UNIX authentication is done by comparing the (encrypted) password for the user in the password file (/etc/shadow
for most modern UNIX and Linux systems, and /etc/passwd
in the old days), but each program that requires authentication implements its own authentication mechanisms. The wilderness of authentication mechanisms becomes more visible when you add various applications that are doing some sort of authentication. Logging in directly to a graphical user interface requires a display manager, which must be able to validate the users. Now add services like FTP, TELNET, IMAP, SSH, and possibly a growing set of web applications, which require authentication of their users. As a system administrator you will end up spending a lot of time maintaining many user databases besides /etc/passwd
. Your might have a nightmare if the user databases become inconsistent, for example, a misspelled user name in one place can be difficult to find. Moreover, the users have to remember many user names and passwords.