The present invention relates generally to data processing systems and, more particularly, to network-based authentication of a computer user.
Conventional stand-alone computers typically perform their own authentication, a process known as local authentication. A xe2x80x9cstand-alone computerxe2x80x9d refers to a computer that is fully functional without having to connect to another device. Since the computer is fully functional, it has a processor, input/output capabilities, and an operating system with a file system. Conventional stand-alone computers perform local authentication by authenticating a user when the user attempts to log into the computer and then, based upon the outcome of the authentication, by either allowing or inhibiting the user form using the services of the computer. The term xe2x80x9cservicesxe2x80x9d refers to functionality provided by the computer system, such as access to the file system, e-mail system, or calendaring system.
Performing local authentication has its drawbacks in certain environments. Specifically, performing local authentication in a large organization is difficult because a large organization typically has many users using many interconnected computers, and multiple users may utilize the same computer. In such an organization, the computers are interconnected via a network, such as a local-area network, wide-area network, or the Internet, and it would be very difficult to enable each computer to authenticate any user that may want to use it. Another drawback is that a system administrator is typically unable to control access and use of each of the individual computers unless he configures each one individually. Such an effort is very time consuming and is not practical for large organizations. It is therefore desirable to improve the authentication scheme of computers that are interconnected by a network.