Abstract
Logon in distributed systems can be accomplished in various ways. One technique, known as central authentication, is advantageous with respect to its excellent security properties. Normally, central authentication is provided by either initially designing it into a distributed system or supporting it through the modification of distributed system and host operating system software. As an alternative strategy, central authentication can be layered onto existing terminal services. This approach suggests itself when a large installed base of computer systems that do not support central authentication already exists. Work to assess the feasibility of this approach was carried out. The results demonstrate that layering can be used in certain circumstances to provide central authentication services, although, as a result, the concomitant maintenance costs may increase. It was also determined what terminal service features are necessary so that central authentication is easily layered over existing terminal services. Recommendations are made concerning how to structure terminal services in a distributed system to support an integrated central authentication service.