User Identification and Authentication

When you log in to a machine running a multi-user operation system at console or through TELNET, you supply a login name and a password. The login name identifies you to the system by making an association with an existing entry in the user account subsystem, the entry representing you as a valid system user. Within the system, a different value may be used as the user identity to simplify processing. For example, most of the UNIX systems use an integer value, known as userid, to identify the user.

Mere knowledge of the login name is no guarantee that it is indeed you who is at the keyboard, for the login name is likely to be known to others. What you need is the ability to prove the identity claim or, in ...

Get J2EE™ Security for Servlets, EJBs and Web Services: Applying Theory and Standards to Practice now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.