[870] in RedHat Linux List
Re: Apache 1.1.1 & Caching Passwds
daemon@ATHENA.MIT.EDU (Steve \"Stevers!\" Coile)
Fri Oct 25 09:03:56 1996
Date: Fri, 25 Oct 1996 09:00:49 -0400 (EDT)
From: "Steve \"Stevers!\" Coile" <scoile@patriot.net>
To: bandregg@idir.net
cc: redhat-list@redhat.com
In-Reply-To: <slrn570f0l.5q5.bandregg@hueco.idir.net>
Resent-From: redhat-list@redhat.com
Reply-To: redhat-list@redhat.com
On Thu, 24 Oct 1996, Bryan C. Andregg wrote:
>I am looking for a way to set the amount of time that the server will
>allow a client to connect to a restricted area before requesting the
>password again. The setup I need is:
>
>1. client connects to passwd restricted web-page.
>2. server queries for password and approves
>3. If client is idle for more than 1 minute, the server requests the
>passwd again.
>
>Is this possible? It would greatlt promote Linux over NT where I work
>if so.
It's most certainly possible, but it's not part of standard Apache
(to my knowledge). George Mason University, where I used to work, had
a similiar requirement. We developed a CGI-level software suite that
handled authentication and authentication expiration. You're probably
going to have to either that, write (or modify) an (existing) Apache
module, or modify Apache itself.
Also, bear in mind that HTTP-based authentication is not secure. If you
read the HTTP 1.0 standard, you'll find that it discourages the use of
HTTP-based authentication for anything truely sensative. HTTP 1.0 is not
designed for security (much like the rest of the Internet protocols).
I have no experience with HTTP 1.1, I can't comment on it. Look into
HTTPS and SSL.
Does the NT server already offer this functionality?
-Steve Coile
Systems Engineer, Patriot Computer Group
--
PLEASE read the Red Hat FAQ, Tips, HOWTO and the MAILING LIST ARCHIVES!
________________________________________________________________________
http://www.redhat.com/RedHat-FAQ http://www.redhat.com/RedHat-HOWTO
http://www.redhat.com/RedHat-Tips http://www.redhat.com/mailing-lists
------------------------------------------------------------------------
To unsubscribe: mail -s unsubscribe redhat-list-request@redhat.com < /dev/null
