The present invention relates to a user authentication technique in a storage system connected to a network.
As a result of recent developments in network technology and information recording technology, so-called network storage systems have appeared in which a mass storage system is connected to a network and shared by many users. In a storage system shared by many users, an authentication technique is required that judges whether a user attempting to access data has the access right, in order to prevent the leakage of secret information and the unauthorized alteration of data. A user authentication technique based on a combination of a user name and a password is therefore widely used (see IEEE Draft P1003.1e, Draft Standard for Information Technology—Portable Operating System Interface (POSIX)—Part 1: System Application Program Interface (API)—Amendment#: Protection, Audit and Control Interface [C Language], October 1997).
With this authentication technique, a user attempting to log in to a network storage system inputs his/her user name and password; if the inputted user name and password match any one of the registered pairs of user names and passwords, the user is judged to be an authorized user and is permitted to access the files he/she owns in the system.
In the practical use of such an authentication technique, a user may no longer need to access the network storage system, for example because of retirement. In such a case, the administrator of the system ordinarily deletes the registration of that user's name and password. At this time, files owned by the user may be transferred to another user by changing the owner of the files. However, there are also files, such as an e-mail archive, for which changing the owner is inappropriate; after the registration of the user name and password is deleted, such files are set so as to be accessible only by the administrator.
Under recent laws, regulations and the like, the long-term storage of data is mandated, and it is expected that occasions to access old data for the sake of an audit or the like will increase. Such old data may include data owned by a user who no longer exists because of retirement or the like. If the user name and password of the nonexistent user have been deleted, nobody other than the administrator can access the files owned by that user. Therefore, each time an audit or the like is conducted, the administrator has to access such data. If the number of audits or the number of files to be accessed is large, the load placed on the administrator increases and such practice becomes difficult in actuality.
There is another possible case in which the user name and password of the nonexistent user are not deleted and another user (the superior of the nonexistent user, for instance) is delegated to access the files owned by the nonexistent user. In this case, however, the registration of the nonexistent user's name remains, so it becomes impossible to newly register another user under the same user name. Therefore, when user names and passwords are not deleted, the range of available user names is gradually narrowed and convenience decreases.
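To make the two policies concrete, the following is an added Python model (not from the original document) of the registration check and owner-based file access described above, run once with the retired user's registration deleted and once with it retained; the account names, file names and the salted PBKDF2 password hashing are assumptions of the example.

```python
import hashlib
import hmac
import os

ADMIN = "admin"  # administrator account name; an assumption of this model

def pw_hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

class StorageAuth:  # name/password registry plus owner-based file access (constructed model)
    def __init__(self):
        self.users = {}  # user name -> (salt, PBKDF2 hash): the registered pairs
        self.files = {}  # file name -> owner; None marks an orphaned, admin-only file
    def register(self, name, password):
        if name in self.users:  # the name stays taken while the registration exists
            return False
        salt = os.urandom(16)
        self.users[name] = (salt, pw_hash(password, salt))
        return True
    def login(self, name, password):  # authorized only if the pair matches a registered pair
        rec = self.users.get(name)
        if rec is None:
            return False
        salt, stored = rec
        return hmac.compare_digest(stored, pw_hash(password, salt))
    def delete_user(self, name, reassign=None):
        # Drop the registration; files named in reassign change owner, the rest become admin-only.
        del self.users[name]
        reassign = reassign or {}
        self.files = {f: (reassign.get(f) if o == name else o) for f, o in self.files.items()}
    def can_access(self, name, filename):
        owner = self.files[filename]
        return name == ADMIN or (owner is not None and owner == name)

def deletion_policy():
    # Retired user's registration deleted; report.txt reassigned, the e-mail archive left as is.
    s = StorageAuth()
    for user, pw in ((ADMIN, "adm-pw"), ("alice", "s3cret"), ("bob", "hunter2")):
        s.register(user, pw)
    s.files.update({"report.txt": "alice", "mail.archive": "alice"})
    s.delete_user("alice", reassign={"report.txt": "bob"})
    return s

def retention_policy():
    # Registration kept so a delegate can still log in; can a new employee take the same name?
    s = StorageAuth()
    s.register("alice", "s3cret")
    return s.register("alice", "new-hire-pw")
```

After deletion, the orphaned e-mail archive can be read only by the administrator, while under retention the second registration of "alice" is refused.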