Date: Sun, 14 Dec 2003 12:45:17 +0000 From: Mark Murray <mark@grondar.org> To: Brett Glass <brett@lariat.org> Cc: security@freebsd.org Subject: Re: s/key authentication for Apache on FreeBSD? Message-ID: <200312141245.hBECjHpD044491@grimreaper.grondar.org> In-Reply-To: Your message of "Sun, 14 Dec 2003 00:57:04 MST." <6.0.0.22.2.20031214005309.04ba9528@localhost>
next in thread | previous in thread | raw e-mail | index | archive | help
Hi This is now off FreeBSD (no more PAM), and is VERY httpd/Apache specific. I suggest you move it to the Apache lists, where no doubt more Apache experts will be able to help you out. Thanks! M Brett Glass writes: > At 10:45 PM 12/13/2003, Matthew D. Fuller wrote: > > >HTTP AUTH sends the user/pass strings with every request (more precisely, > >the browser caches what you put in, and sends it every time the server > >returns a 401 with the same realm name.) > > I apologize; I wasn't being clear. My question was, does the Apache > server then send the user name and password on to the library that > is doing authentication every time? Or does it recognize that the > user and password (and/or IP) are the same as before and allow > subsequent hits? > > --Brett > > > _______________________________________________ > freebsd-security@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-security > To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org" -- Mark Murray iumop ap!sdn w,I idlaH
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200312141245.hBECjHpD044491>