On many systems, it is unnecessary to have any kind of user
authentication; for instance, a workstation which is not connected to a
network probably does not need any user authentication, because to use
the machine an intruder must have physical access.
Sometimes, however, it is necessary to be sure that a user is authorized
to use some service a machine provides—for instance, to log in as a
particular user id (see Users and Groups). One traditional way of
doing this is for each user to choose a secret password; then, the
system can ask someone claiming to be a user what the user's password
is, and if the person gives the correct password then the system can
grant the appropriate privileges.
If all the passwords are just stored in a file somewhere, then this file
has to be very carefully protected. To avoid this, passwords are run
through a one-way function, a function which makes it difficult to
work out what its input was by looking at its output, before storing in
The GNU C library already provides a one-way function based on MD5 and
for compatibility with Unix systems the standard one-way function based
on the Data Encryption Standard.
It also provides support for Secure RPC, and some library functions that
can be used to perform normal DES encryption.