First page Back Continue Last page Overview Graphics

A central password server?

Web server asks user for user-name/password
Web server sends user-name/password for validation to central server
If validation succeeds, the web server gives the user the resource they want
... and can now impersonate the user on every other web server in the system

Notes:

In the University (at least) we couldn't use a system where the security of each website depended on all other sites being secure and well run.