Authenticating the client The server must authenticate clients Depending on protocol, this may occur over crypto layer. If so Authentication info can be stored on server In clear As one-way-hash (MD5, SHA-1, crypt(), etc) No need for challenge/response authentication Otherwise, authentication must be challenge/response based Authentication would need to be by pubkey-style auth, or PSK (preshared key) would need to be available on server
Copyright 2003, Bri Hatch of Onsight, Inc.
Presented at Real World Linux, 2003.
Presentation created using vim and MagicPoint.