1. Field of the Invention
The present invention generally relates to network operating systems for computers, and in particular, to a method and apparatus for dynamically binding network identities to locally-meaningful identities on a particular computer in a network of computers.
2. Description of Related Art
Local area networks (LANs) allow personal computers (PCs) to share resources typically located at a host computer, such as files and printers. These types of networks are generally referred to as client/server networks, wherein the PCs are considered "clients" whose requests are processed by the host "server".
Network operating systems are increasingly making use of "network-wide" user identities in which a "network user", such as John Smith, is given a single network-wide identity that can be used to uniquely identify that user anywhere in the network. Network-wide user identities simplify administrative and other tasks by permitting a single network-wide "name" to be used to identify a particular user regardless of network topology or organization. However, server computers typically require a separate locally-meaningful user identity or account to track ownership and usage of resources local to the server computer. For example, UNIX systems use the locally-meaningful integer "User Identifier" or simply "uid" to track ownership of files, directories and processes.
Because the set of valid "network users" can be vastly larger than the number of individual users that can be adequately supported on a particular server computer, it is impractical to create a locally-meaningful identity for every network user on each and every server on the network. For example, a university may have tens of thousands of students who are each distinct "network users", but creating tens of thousands of local user accounts on a number of different server computers is impractical on all but the largest computers.
There are a number of solutions to the problem. For example, one can manually create a local identity or account for every network user on each and every server computer that the user plans to use, and manually bind the user's network identity to each and every one of these locally meaningful user accounts. This solution requires that the administrator know in advance every server that each user will wish to use.
Over time, usage patterns are bound to change and users will no doubt periodically stumble across servers where they cannot perform network operations because they do not have local user accounts. At that point, a user would have to contact the system administrator for that server to have a local identity created and bound to the user's network identity.
Another solution is to map all network users to a catch-all local user account on each server, for example, by mapping all network identities to a local identity called "guest." While this is technically simple, because it essentially bypasses user account mechanisms by homogenizing all users into a single user account, it creates a virtually unmanageable situation on servers. Since all files, directories and resources created and owned by network users would be identified as being owned by a local identity of "guest," it is very difficult for the administrator to determine who actually owns the files, directories or resources on the server. Without knowing the owner of a file (for example), it is difficult to accurately allocate the costs associated with that resource to the individual owner or user.
Thus, there is a need in the art for improved techniques of assigning network identities to locally meaningful identities.