"FX" <ta*****@gmail.com> writes:
Well, it goes like this. U sign up for email, ur password is taken,
operated b one way hash! the hash used may be MD5 (good one). The
hashed result is stored into database.
Whenever u access ur mail with that passoword, it is operated by the
same hash (md5) to get the same result. If ur password is different,
the resulted hash would not match, hence access would b denied.
Hence password is quiet secured and cannot be retrieved, it can however
be reset by some special defined means...
majority of ISPs have an intermediary process involving radius
.... that provides authentication, authorization, and accounting
management and administration.
small confession ... for a small startup isp in previous lifetime, i
was actually involved in configuring radius for real livingston box
since then it has become an ietf standard
from
http://www.garlic.com/~lynn/rfcietff.htm
in the "RFCs listed by" section, click on "Term (term->RFC#)"
and scroll down to
remote authentication dial in user service (RADIUS )
see also authentication , network access server , network services
4014 3580 3579 3576 3575 3162 2882 2869 2868 2867 2866 2865 2809
2621 2620 2619 2618 2548 2139 2138 2059 2058
clicking on the rfc number brings up the rfc summary in the
lower frame (if you are using frames).
clicking on the ".txt=nnn" field in a rfc summeary, retrieves the
actual RFC.
it tends to support a number of various authentication methods, for
instance if you configure PPP on your personal machine for use with
ISP ... you may be presened 3-4 different options ... which includes
clear-text transfer of a password ... but also stuff like CHAP
(challenge response).
there have even been some number of radius versions done where a
public key is registered in lieu of a password and the client performs
a digital signature operation ... with the server performing digital
signature validation using the on-file public key.
besides ISPs using radius for login, email authentication, newsgroup
authentication, etc. ... there are also major applications (like some
of the database systems and web servers) providing radius interfaces
for performing authentication operations.
--
Anne & Lynn Wheeler |
http://www.garlic.com/~lynn/