Field of the Invention
The present invention relates to an information processing apparatus that supports a plurality of authentication schemes and is capable of user authentication by each authentication scheme, a control method for the information processing apparatus, and a storage medium.
Description of the Related Art
Multifunction peripherals (MFPs) having a plurality of types of functions such as an image reading function, a printing function, and a communication function are widely known. Many MFPs have a user authentication function for authenticating each user, to control whether or not the user is allowed to use each function. The user authentication function manages, as user information, not only information (a user name, a password, a contactless card ID, etc.) necessary for authentication but also user attributes such as a display name and an e-mail address of each user displayed on an operation panel. The user authentication function can be used not only in the case where the user operates the MFP via the operation panel but also in the case where the user remotely accesses the MFP from a PC or the like connected to the MFP via a network and uses the functions of the MFP.
Access to the MFP from a PC via a network is not limited to the above-mentioned case of remote access, but includes the case of accessing the MFP using the Simple Network Management Protocol (SNMP) for managing and controlling the MFP. Particularly in the case of using SNMP version 3 (SNMPv3) described in RFC 3414, “User-based Security Model (USM) for version 3 of the Simple Network Management Protocol (SNMPv3)”, December 2002, user authentication information is added to each command transmitted from the PC to the MFP, enabling the MFP to authenticate the user who uses SNMPv3.
The MFP-specific user authentication function mentioned above is intended to authenticate the user when the user uses the functions of the MFP by any access method such as access via the operation panel or access via the network. On the other hand, the user authentication function available in SNMPv3 is protocol-dependent, and requires protocol-specific settings for an authentication algorithm, an encryption algorithm, and the like. Normally, user authentication information used by the MFP-specific user authentication function and user authentication information used by the user authentication function available in SNMPv3 are managed individually. The latter user authentication information is typically managed in a management information base (MIB).
In such a case where, in an MFP that supports a plurality of authentication schemes, authentication information (user information) for user authentication by each authentication scheme is managed individually, overlapping sets of user information corresponding to the same user are managed. This could complicate the management of user information. Besides, if the user has registered a different authentication password for each authentication scheme, the user needs to use an individual password for user authentication by each authentication scheme. This could reduce user-friendliness. It is desirable that, for example when the user specifies the MFP from an external PC using SNMPv3 and accesses the specified MFP, user information common to some extent can be used for user authentication according to SNMPv3 and user authentication specific to the MFP.