By default, a standalone Linux machine uses two files for authentication purposes. The first file is /etc/passwd. Originally, this file contained the usernames, user IDs, home directories, login commands and also the passwords. Although an administrator could restrict access to the file, doing so is not practical, because the same file contains critical (but not sensitive) information that is required by many programs.
As a result, a second file was later introduced to store passwords. This file is /etc/shadow. It shadows /etc/passwd. Because /etc/shadow only contains passwords, its access permissions can be limited so that non-privileged programs cannot read it.
It is important to understand that each user has both a username (a symbolic name for logging in) and a user ID (an integer value that uniquely identifies the user).
While this scheme works fairly well on a single standalone machine, it has certain problems. Let us consider the use of NFS (network file system).
An NFS volume uses the concepts of groups and users to identify ownership of files. Furthermore, these groups and users are identified by user IDs (UIDs) and group IDs (GIDs), much like the UIDs stored in /etc/passwd and GIDs stored in /etc/group. This does not present a problem as long as the server and client assign the same UIDs and GIDs.
UIDs and GIDs are assigned as sequential numbers. In other words, if the user knelson is created immediately before the user jcolins, then the UID of knelson is exactly one less than that of jcolins. This also means that even if two machines have the same users, if the order of account creation is different, then the machines assign different UIDs to each user. This becomes a big problem with NFS.
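The mismatch can be checked before a volume is exported. The following is an added example, not part of the original text: it compares two passwd-format snapshots and reports users whose UIDs differ, and which server account each client user would be treated as. The snapshots are constructed sample data, and the UID values 1000 and 1001 are assumptions chosen for illustration.

```python
# Added example: compare two /etc/passwd snapshots for NFS UID mismatches.
# Both snapshots are constructed sample data, not taken from a real host.

SERVER_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
knelson:x:1000:1000:K Nelson:/home/knelson:/bin/bash
jcolins:x:1001:1001:J Colins:/home/jcolins:/bin/bash
"""

# Same users, but the accounts were created in the opposite order.
CLIENT_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
jcolins:x:1000:1000:J Colins:/home/jcolins:/bin/bash
knelson:x:1001:1001:K Nelson:/home/knelson:/bin/bash
"""


def parse_passwd(text):
    """Return {username: uid} from passwd-format text (7 colon-separated fields)."""
    users = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) != 7 or not fields[2].isdigit():
            continue  # skip malformed entries
        users[fields[0]] = int(fields[2])
    return users


def uid_mismatches(server, client):
    """Users on both machines whose UIDs differ: {name: (server_uid, client_uid)}."""
    return {name: (uid, client[name])
            for name, uid in server.items()
            if name in client and client[name] != uid}


def ownership_confusion(server, client):
    """Map each client user to the different server user that holds the same UID."""
    server_by_uid = {uid: name for name, uid in server.items()}
    return {name: server_by_uid[uid]
            for name, uid in client.items()
            if uid in server_by_uid and server_by_uid[uid] != name}


if __name__ == "__main__":
    srv, cli = parse_passwd(SERVER_PASSWD), parse_passwd(CLIENT_PASSWD)
    for name, (s_uid, c_uid) in sorted(uid_mismatches(srv, cli).items()):
        print(f"{name}: server UID {s_uid}, client UID {c_uid}")
    for c_name, s_name in sorted(ownership_confusion(srv, cli).items()):
        print(f"client user {c_name} is treated as server user {s_name}")
```

Any entry in the second report means file ownership on the NFS volume would be attributed to the wrong person on that client, so the UIDs should be aligned before the export is mounted.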