| |
Pre-authentication and authentication
Modern access control products generally use two techniques for
authenticating users:
Pre-authentication and authentication. Both have their advantages and disadvantages.
The diagram below shows the startup procedure
using a hard disk. The computer's MBS
(master boot sector) is executed. This then attempts to start the SBS
(system boot sector) which, in turn, launches the operating system. In the
case of DOS, the operating system looks for
the files config.sys and
autoexec.bat and
runs them.TA
system based on pre-authentication replaces
the MBS with its own logon program
that prompts for a user ID and password. A
system based on authentication inserts a command into the autoexec.bat
that prompts
for a user ID and password. A
pre-authentication system provides a high level of security, because it does
not depend on the operating system. However
the system cannot be integrated with
the user IDs and passwords used in the network, nor is it possible to perform
updates from the server before the user is logged on. This means that maintaining
systems based on pre-authentication is tedious. In
the case of authentication, a logon program is started from the autoexec.bat,
allowing the network drivers to be started
and updates performed before the user
is logged on. This allows integration between the network and the access control
system.
Security FAQ
Windows Privacy Tools - http//www.privacywindows.com
| |
