[1817] in WWW Security List Archive
Re: logins to secure web pages
daemon@ATHENA.MIT.EDU (Holger Reif)
Fri Apr 12 04:55:55 1996
Date: Fri, 12 Apr 96 08:24:26 +0200
From: Holger.Reif@PrakInf.TU-Ilmenau.DE (Holger Reif)
To: bretg@ctt.bellcore.com
Cc: anish@ctt.bellcore.com, sreed@ctt.bellcore.com,
www-security@ns2.rutgers.edu
Errors-To: owner-www-security@ns2.rutgers.edu
> >kwhittle@nebula.tbe.com wrote:
> >> How can I set up multiple http servers to accept the same username and password
> >> information without having to enter it multiple times?
> >
> >You can't do it with the existing basic authentication scheme since a name/passwd
> >pair is corelated to a domain (ie. a directory of a server and the subdirs)
> Actually, you CAN do it. I ran in to the same problem that kwhittle describes
> and solved it with a Proxy server. (I used Netscape's, but I assume any one
> will do.)
Yes that would be a solution. But I would like to point out that this kind of
proxy server has nothing to do with the proxy server you specify in the browser's
setup but rather is direct address and the browser doesn't has a clue about
the proxiing.
> Now add a proxy.
> http://P:1111/A maps to http://A:1234
> http://P:1111/B maps to http://B:5678
What did you use for this proxy server?
> I think the other response about SSL client authentication
> wouldn't help in this case.
Uh! Sure it could help. Not today but "real soon now" :-)
You don't have a username/passwd for every machine/port/realm combination rather
than a certified id and key which you use to authenticate yourself against the
server. This id is the same for all servers an could be used for access control.
read you later - Holger Reif
---------------------------------------- Signaturprojekt Deutsche Einheit
TU Ilmenau - Informatik - Telematik (Verdamp lang her)
Holger.Reif@PrakInf.TU-Ilmenau.DE Alt wie ein Baum werden, um ueber
http://Remus.PrakInf.TU-Ilmenau.DE/Reif/ alle 7 Bruecken gehen zu koennen
