From owner-freebsd-security@FreeBSD.ORG Sun Dec 14 04:50:17 2003 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id A137316A4CE for ; Sun, 14 Dec 2003 04:50:17 -0800 (PST) Received: from storm.FreeBSD.org.uk (storm.FreeBSD.org.uk [194.242.157.42]) by mx1.FreeBSD.org (Postfix) with ESMTP id D559243D32 for ; Sun, 14 Dec 2003 04:50:15 -0800 (PST) (envelope-from mark@grondar.org) Received: from storm.FreeBSD.org.uk (Ugrondar@localhost [127.0.0.1]) hBECoEnp057001; Sun, 14 Dec 2003 12:50:14 GMT (envelope-from mark@grondar.org) Received: (from Ugrondar@localhost)hBECoEr7057000; Sun, 14 Dec 2003 12:50:14 GMT (envelope-from mark@grondar.org) X-Authentication-Warning: storm.FreeBSD.org.uk: Ugrondar set sender to mark@grondar.org using -f Received: from grondar.org (localhost [127.0.0.1])hBECjHpD044491; Sun, 14 Dec 2003 12:45:17 GMT (envelope-from mark@grondar.org) From: Mark Murray Message-Id: <200312141245.hBECjHpD044491@grimreaper.grondar.org> To: Brett Glass In-Reply-To: Your message of "Sun, 14 Dec 2003 00:57:04 MST." <6.0.0.22.2.20031214005309.04ba9528@localhost> Date: Sun, 14 Dec 2003 12:45:17 +0000 Sender: mark@grondar.org X-Spam-Status: No, hits=0.2 required=5.0 tests=EMAIL_ATTRIBUTION,FROM_NO_LOWER,IN_REP_TO, QUOTED_EMAIL_TEXT,REPLY_WITH_QUOTES version=2.55 X-Spam-Checker-Version: SpamAssassin 2.55 (1.174.2.19-2003-05-19-exp) X-Mailman-Approved-At: Sun, 14 Dec 2003 05:25:46 -0800 cc: security@freebsd.org Subject: Re: s/key authentication for Apache on FreeBSD? X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Security issues [members-only posting] List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 14 Dec 2003 12:50:17 -0000 Hi This is now off FreeBSD (no more PAM), and is VERY httpd/Apache specific. I suggest you move it to the Apache lists, where no doubt more Apache experts will be able to help you out. Thanks! M Brett Glass writes: > At 10:45 PM 12/13/2003, Matthew D. Fuller wrote: > > >HTTP AUTH sends the user/pass strings with every request (more precisely, > >the browser caches what you put in, and sends it every time the server > >returns a 401 with the same realm name.) > > I apologize; I wasn't being clear. My question was, does the Apache > server then send the user name and password on to the library that > is doing authentication every time? Or does it recognize that the > user and password (and/or IP) are the same as before and allow > subsequent hits? > > --Brett > > > _______________________________________________ > freebsd-security@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-security > To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org" -- Mark Murray iumop ap!sdn w,I idlaH