Date: Sun, 14 Dec 2003 00:57:04 -0700 From: Brett Glass <brett@lariat.org> To: "Matthew D. Fuller" <fullermd@over-yonder.net> Cc: security@freebsd.org Subject: Re: s/key authentication for Apache on FreeBSD? Message-ID: <6.0.0.22.2.20031214005309.04ba9528@localhost> In-Reply-To: <20031214054519.GD78055@over-yonder.net> References: <6.0.0.22.2.20031210115335.04c2fc50@localhost> <20031210093927.70c87960.amonk@gnutec.com> <6.0.0.22.2.20031210124332.04e94ac0@localhost> <16343.33321.632599.190251@oscar.buszard-welcher.com> <6.0.0.22.2.20031210173916.04f57be8@localhost> <20031211101551.GA27435@nikkel.com> <6.0.0.22.2.20031213193447.04e80930@localhost> <20031214054519.GD78055@over-yonder.net>
next in thread | previous in thread | raw e-mail | index | archive | help
At 10:45 PM 12/13/2003, Matthew D. Fuller wrote: >HTTP AUTH sends the user/pass strings with every request (more precisely, >the browser caches what you put in, and sends it every time the server >returns a 401 with the same realm name.) I apologize; I wasn't being clear. My question was, does the Apache server then send the user name and password on to the library that is doing authentication every time? Or does it recognize that the user and password (and/or IP) are the same as before and allow subsequent hits? --Brett
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?6.0.0.22.2.20031214005309.04ba9528>