1. Field of the Invention
The present invention relates to an information processing apparatus, a user authentication method, and a storage medium.
2. Description of the Related Art
A technology for improving the security of a system using a hash algorithm has been proposed. A hash algorithm has one-way and collision-resistant characteristics. Thus, a hash algorithm may be utilized when storing a password in a system. More specifically, a hash algorithm is utilized to store a hash value of a password instead of storing the password as is. In recent years, successful attacks against hash algorithms have revealed the vulnerability of Message Digest 5 (MD5), which is a kind of hash function. Even if an attack on the hash algorithm is successful, the password cannot always be inferred from a hash value. However, to improve security, a system needs to employ a hash algorithm that is different from the attacked one.
On the other hand, a system has been proposed in which an information processing apparatus that has executed user authentication accesses another information processing apparatus based on the password input by a user, and thereby acquires the execution result and data of the processing performed by the information processing apparatus at the access destination. When an information processing apparatus accesses another information processing apparatus as described above, the information processing apparatus may require authentication from another information processing apparatus. Here, in general, a technology that utilizes authenticated ticket information to realize a Single Sign-On service between the information processing apparatuses, such as Kerberos authentication, is widely employed. In order to realize such a Single Sign-On service, a system which employs a server such as a key distribution center (KDC) for centrally managing authentication information about users has been proposed. In the system, an information processing apparatus, service, or the like, which has received a ticket, confirms the validity of the ticket via a server and thereby confirms that the user is the authenticated user. Consequently, authentication processing may be omitted.
In addition, a system has been proposed that can access any information processing apparatus using the same authentication information, without a server for centrally maintaining authentication information about users, by keeping the authentication information stored in the respective information processing apparatuses in the same state. In the system, when an information processing apparatus accesses another information processing apparatus, authentication processing is executed by reusing authentication information about users, whereby a Single Sign-On service may be provided without requiring the user to input authentication information again. Japanese Patent Laid-Open No. 2009-093342 discloses an information processing apparatus that performs user authentication using a hash value managed by a local apparatus and then updates the hash value to a new hash value.
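The update-on-authentication idea in the last sentence above, together with the earlier point about moving off an attacked hash algorithm, can be sketched as follows. This is an added example, not code from the cited publication or from the present invention; the record layout, the `new_record`, `verify` and `login` names, and the choice of salted PBKDF2-HMAC-SHA256 as the replacement algorithm are assumptions made for illustration.

```python
import hashlib
import hmac
import os

PBKDF2_ITERATIONS = 600_000  # assumed work factor for this example


def _pbkdf2(password: str, salt: bytes, iterations: int) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)


def new_record(password: str) -> dict:
    """Build a record under the replacement algorithm (salted PBKDF2-HMAC-SHA256)."""
    salt = os.urandom(16)
    return {"alg": "pbkdf2-sha256", "iter": PBKDF2_ITERATIONS,
            "salt": salt.hex(),
            "hash": _pbkdf2(password, salt, PBKDF2_ITERATIONS).hex()}


def verify(record: dict, password: str) -> bool:
    """Check a password against whichever algorithm the record was stored with."""
    if record["alg"] == "md5":  # legacy record: unsalted MD5 hex digest
        candidate = hashlib.md5(password.encode("utf-8")).hexdigest()
    elif record["alg"] == "pbkdf2-sha256":
        salt = bytes.fromhex(record["salt"])
        candidate = _pbkdf2(password, salt, record["iter"]).hex()
    else:
        return False  # unknown algorithm: fail closed
    return hmac.compare_digest(candidate, record["hash"])  # constant-time compare


def login(store: dict, user: str, password: str) -> bool:
    """Authenticate with the stored hash, then update a legacy hash to the new one."""
    record = store.get(user)
    if record is None or not verify(record, password):
        return False
    if record["alg"] != "pbkdf2-sha256":
        # The plaintext is only available here, right after a successful check,
        # so this is the one point where the stored value can be re-derived.
        store[user] = new_record(password)
    return True


# Constructed sample store: one account still on the legacy algorithm.
USERS = {"alice": {"alg": "md5", "hash": hashlib.md5(b"correct horse").hexdigest()}}
```

Accounts that never log in keep their legacy hash under this scheme, so a deployment still needs a policy for records that are never upgraded.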