Layering central authentication on existing distributed system terminal services

Abstract

An approach to the secure logon problem in distributed systems managed by a single authority is considered in which central authentication is layered onto existing terminal services. This approach suggests itself when a large installed base of computer systems that do not support central authentication already exists. Work to assess the feasibility of this approach was carried out. The results demonstrate that layering can be used in certain circumstances to provide central authentication services, although, as a result, the concomitant maintenance costs may increase. It was also determined that terminal service features are necessary so that central authentication is easily layered over existing terminal services. Recommendations are made concerning how to structure terminal services in a distributed system to support an integrated central authentication service.<>