Authentication
Authenticating is proving an identity. The person offering the identity is asked to supply some secret token that proves the declaration of identity is correct. Often the token is a password, but it can be a public key infrastructure (PKI) X.509 certificate or some other form of privately owned information that substantiates the identity's ownership.
The I2A2 Authentication DBM
A dedicated database manager (DBM) in the I2A2 system supports identity checking. Users interact with the DBM through the authentication network daemon, authcnetd, using a simple ASCII protocol. The authentication DBM also stores the public part of X.509 certificates.
Authentication Realms
The authentication DBM's database is partitioned into administrative authentication realms, which give departments the flexibility to implement their own authentication security policies. An I2A2 administrator creates a realm by including it in the realm configuration file.
Authenticating
Users authenticate to a realm either by presenting a Purdue-issued X.509 certificate when they connect to authcnetd, or by sending an identifier and a password over an SSL connection.
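The sketch below is an added example, not I2A2 code, and it does not reproduce authcnetd's ASCII protocol. It shows the two paths described above (a client certificate presented at connect time, or an identifier and password sent over the TLS session), with each realm checked only against its own store. The realm names, identifiers, passwords and the certificate-name mapping are constructed for illustration.

```python
import hashlib, hmac, os, ssl

def make_server_context():
    """TLS server context that accepts, but does not require, a client certificate."""
    ctx = ssl.create_default_context(ssl.Purpose.CLIENT_AUTH)
    ctx.verify_mode = ssl.CERT_OPTIONAL  # a presented cert must chain to a trusted CA
    # Site-specific: ctx.load_cert_chain(...) and ctx.load_verify_locations(...)
    return ctx

def _kdf(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def make_record(password):
    salt = os.urandom(16)
    return salt, _kdf(password, salt)

# Constructed sample data: one credential store per realm (hypothetical layout).
REALMS = {
    "dept-a": {"passwords": {"alice": make_record("dept-a-secret")},
               "cert_names": {"alice.dept-a": "alice"}},
    "dept-b": {"passwords": {"alice": make_record("dept-b-secret")},
               "cert_names": {}},
}

def cert_common_name(peer_cert):
    """Pull commonName out of the dict returned by SSLSocket.getpeercert()."""
    for rdn in (peer_cert or {}).get("subject", ()):
        for key, value in rdn:
            if key == "commonName":
                return value
    return None

def authenticate(realm, peer_cert=None, identifier=None, password=None):
    """Return the authenticated identifier, or None. Never consults another realm."""
    store = REALMS.get(realm)
    if store is None:
        return None
    name = cert_common_name(peer_cert)
    if name is not None:
        # Certificate path: no fallback to a password if the cert is unknown here.
        return store["cert_names"].get(name)
    if identifier is None or password is None:
        return None
    # Unknown identifiers still run the KDF so timing does not reveal who exists.
    salt, expected = store["passwords"].get(identifier, (b"\0" * 16, b""))
    ok = hmac.compare_digest(_kdf(password, salt), expected)
    return identifier if ok else None
```

With `CERT_OPTIONAL`, a client that sends no certificate completes the handshake and `getpeercert()` returns `None`, which routes the session to the password path.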