Simple Client Authentication

• Obvious risk: impersonation

• Server needs to confirm identity of each client – NOT scalable

• Use an authentication server (AS)

  • Knows password of all users (database)
  • Shares a secret key with each server