1. Field of the Invention
The present invention relates to methods and associated hardware and software systems for authenticating the identity of a user for use in a distributed computer network. More particularly, the invention relates to methods and systems for authenticating the identity of a user from multiple sites of access against multiple sets with possible different levels of access credentials.
2. General Background and State of the Art
Authentication is the process of determining that an authorized user has initiated a request and that the request was not modified improperly by an interloper on the way to the destination. For example, when a person requests access to a host computer (or an automatic teller machine, telephone banking system, or any other type of computer), how does the host know who that person is? How does the host know he or she is not someone else trying to falsify the user's identity? Traditionally, passwords solve this problem. A person enters his or her password, and the host confirms that it is correct. Both the user entering the password and the host know this secret piece of knowledge and the host requests it from the user every time he or she tries to log in. Upon receiving a username and password from the user, a host computer compares the password to a list of authorized usernames in an access control file, and if the password matches the password associated with that username, the host computer allows access.
In the situation just described, however, it is assumed that the user and host are communicating over a secure connection; otherwise, interlopers could intercept the communications from the user to the host and steal the username and password information. The interloper could then illegally access the host at a later time by using the stolen username and password information. In a networked system comprising multiple interconnected computers, a first computer may request service from a second computer or destination server. This first computer is typically called a client. In order to receive service from a destination server, the client must begin by authenticating itself with the destination server. However, because the client may be communicating to the destination server over an insecure line, the client cannot simply send a password in the clear. Instead, the client and the destination server may engage in a multiple query and response exchange, constituting an authentication process, which will convince the destination server that the requesting client is an authorized user.
Storage management systems, such as IBM®'s Tivoli® Storage Manager (TSM) product, provide backup/archive and space management support through the migration of less frequently used files to storage in order to free space. In a storage management environment, the server provides hierarchical storage management and flexibility through the backup of files on tape drives, optical disks, and other storage medium. The backup feature saves copies of files from a client computer to a storage space managed by a server. Thus, data at a client computer is protected in the event of data loss due to a hardware or software failure, accidental deletion, and/or logical corruption. In a typical storage management system, clients can backup volumes, directories, subdirectories or files. Some storage management systems allow incremental backup of only those files that have been changed. In this way, the storage management system avoids the need to do a full dump to backup as only those files that are modified are backed up. This incremental backup reduces network utilization and traffic, as well as storage space.
Storage management systems typically define users having different access privileges. Each user is assigned different privileges for the various resources located on the server. For example, some users may be permitted to make changes to files backed up from other users machines, while others only have access to their own files. In this example, access privilege setting therefore defines which files a particular network user is allowed to view and/or change. Granting users access to a system in a networked environment requires the use of an authentication system to ensure security. Administrative privileges are used to manage the resources of the storage management server, set policies for managing user data, register, update, and delete new users.
Storage management systems such as the TSM system have two broad classes of users: client node users and administrators. Client node users are general users, given the name “node” because they store or “own” data on the server. They have general access to functions such as manipulating files that are shared amongst other users on the network, and backing up data local to their own computer onto the server for safekeeping. Other users, such as administrators are not associated with ownership of backup or archive data and have authorities that determine which aspects of the storage management system that they can control, such as the storage hierarchy, policy, and server settings. Administrators are responsible for ensuring that the entire system is running smoothly. Typically they assign different levels of access privileges to users for manipulating resources on the system. System administration of the network has traditionally been done directly from a console connected to the server, or from other locations running specially designated administrator software or programs.
The system distinguishes node users from admin users by maintaining them as separate ID's in separate database tables. These tables do not share the same common name space. That is, there can exist both a node ID and an admin ID of the same name. Authentication of each type of user would be performed separately. Since client node users usually access the system from designated locations, those locations only authenticate users against the appropriate table of node users in the database. Similarly, administrative computers performed authentication only against the admin table of ID's. Traditionally, this has not been a problem because node type operations have always been separate from admin type operations; node users typically access the system from their desktop computer which runs client node software, and administrators access the system from the server console or other machine running administrator
The present invention addresses the shortcomings of the prior art.