Privilege Separation

Principle of Least Privilege:
Every program and every user should operate using the least amount of privilege necessary to complete the job.

Authentication services require many privileges:
Needs to convey privileges of all possible users.
Verify against password database, etc...

Successful attack leads to privilege escalation:
Adversary gains full control over compromised application and all its privileges.
Compromising authentication services leads to super-user privileges.
Secure Shell (SSH), FTP Servers, ...