1. Field of the Invention
The present invention relates to an information processing apparatus, an information processing method, and a non-transitory computer readable medium and, more particularly, to authentication of a user.
2. Description of the Related Art
When performing user authentication between information processing apparatuses connected to a network, a user password converted by a hash function is often used for authentication. As the hash function to be used, there exist hash functions of different security strengths such as MD4 (Massage Digest Algorithm 4), MD5, and SHA1 (Secure Hash Algorithm 1). The hash function to be used changes depending on the authentication protocol. For example, MD4 is used in NTLM (Windows NT LAN Manager) authentication, and SHA1 is used in SNMPv3 (Simple Network Management Protocol version 3). As the password storage method in an information processing apparatus, a hashed password is often stored. Japanese Patent Laid-Open No. 2011-199718 proposes a method of integrating two hash protocols.
However, if an unhashed password is stored, and hashing is performed in every authentication considering an increase in the number of usable hash functions, the user database need not be extended, and adding hash functions suffices. Note that an unhashed password is normally stored after encrypting a key managed by an information processing apparatus.
When user information including password information is commonly used in an environment where a plurality of information processing apparatuses exist, the user information needs to be synchronized. At this time, when user information is shifted from an information processing apparatus as a reference source that manages a hashed password to an information processing apparatus that manages an unhashed password, the password cannot be returned to the state before hashing because the hash function is a one-way function (irreversibility). As a result, a state in which the user information cannot be synchronized may occur between the information processing apparatuses using different password management methods. In this case, the user needs to shift the password in each information processing apparatus, resulting in heavy load.