Authentication is needed in a large network environment, where masquerading as another user is possible. Access to system resources should be authenticated each time a user attempts to gain access to an object.
The authentication service identifies the user from the submission of control information, such as a password or other secret information. Transfer of control information over the network from the client to the server must be secure to avoid compromising security. This is usually accomplished by encrypting the control information, which includes not only the password but also the network address and timestamp.