Access control is such that only limited users are permitted to refer to a file or change the configuration thereof. In the access control, the owner of a file, for example, is allowed to set an attribute that only the owner can overwrite the file, only users belonging to the group to which the owner belongs can overwrite the file, or all the users are allowed only to refer to the file, for example. An example of the conventional distributed access control system is described in Patent Publication JP-2000-311138A. An object of this conventional distributed access control system is to perform, upon occurring of an access to a server from a number of end users, an efficient verification for legitimacy of the access.
FIG. 22 shows the configuration of the conventional distributed access control system described in the above patent publication. The distributed access control system 500 includes a plurality of network access servers (NASs) 501, a single index server 502, a plurality of authentication servers 503, and a plurality of user information databases 504 each corresponding to one of the authentication servers. When an end user forwards an access request to one of the plurality of NASs 501, the NAS 501 which received the request refers to the index server 502 and determines one of the authentication servers 503 to which the authentication request is to be transferred. Thereafter, the authentication request is transmitted to the thus determined authentication server 503, and the authentication server 503 performs authentication and verifies the legitimacy of the request.