1. Field of the Invention
The present invention relates to the process of authenticating users within a computer system. More specifically, the present invention relates to a method and an apparatus for specifying a repository containing an authentication token to various plugins within a plugin framework.
2. Related Art
Distributed computing systems typically require a user to be authenticated prior to allowing the user to access services provided by the distributed computing system. This authentication process typically involves matching authentication information provided by the user with an authentication token stored within the distributed computing system. Distributed systems often use authentication tokens that specify a “user name” and a “password.” During operation of this type of system, a user is prompted to provide a user name and a password. The user name and password provided by the user are compared against user names and passwords stored within the system. If a match is found, the user is authenticated. Note that in general many other types of authentication tokens can be used (such as biometric information in the form of a fingerprint).
Distributed systems can potentially store authentication tokens in many different repositories. For example, authentication tokens can be stored in a local file system of the user's computer, in a network information service (NIS) database, in a NIS+ database, or in a lightweight directory access protocol (LDAP) database. Many other possible repositories can be used, as long as access control mechanisms within the distributed computing system are able to access the tokens. The system typically accesses these tokens to provide authentication, credential establishment, session establishment, session teardown, and password change operations.
Some computer systems make use of a plugin framework to access system plugins. At least one existing plugin framework facilitates passing authentication information into plugins, which enables the plugins to perform authentication operations.
Unfortunately, these existing plugin frameworks have shortcomings. After accessing a given computer system within a distributed computing system, a user may want to access a different computer system, possibly in a different domain associated with a different repository containing different authentication information. Existing pluggable frameworks do not allow different repositories for authentication information to be specified. Consequently, system programmers have developed solutions that bypass the plugin framework when a different repository is specified. Note that bypassing the pluggable authentication system in this way largely defeats the purpose of the pluggable authentication system.
What is needed is a method and an apparatus for specifying a repository for authentication information within a plugin framework without the problems described above.