[Melbourne-pm] Apache auth and one time passwords.
Mike McCauley
mikem at open.com.au
Wed Mar 9 21:08:06 PST 2005
On Thursday 10 March 2005 13:31, Daniel Pittman wrote:
> I have a couple of web based systems that I would like to protect with a
> one time password tool, and being lazy, I want to use the work someone
> else has done to achieve this.
>
> Obviously, the simplest implementation wouldn't work, since a different
> one time password for every HTTP request would be a little
> user-unfriendly. ;)
>
> So, what I want is a system that will authenticate the user via OTP,
> once, and retain that authentication for the client machine for a few
> minutes via a cookie or similar.
Can be done.
>
>
> At the moment, a mod_perl Authz handler looks like the best bet for
> doing this, and I am figure that someone else must have done this, or
> something similar, before.
>
> So, can anyone point me to a solution that, in order of preference:
>
> * ties OPIE to Apache for authentication?
Apache->mod_auth_radius->radius server->opie
> * implements a "cookie based" authentication mechanism, with timeouts,
> that I could easily hack OTP password support into?
mod_auth_radius does that automatically, with configurable cookie timeouts
etc.
>
> Thanks,
> Daniel
--
Mike McCauley mikem at open.com.au
Open System Consultants Pty. Ltd Unix, Perl, Motif, C++, WWW
9 Bulbul Place Currumbin Waters QLD 4223 Australia http://www.open.com.au
Phone +61 7 5598-7474 Fax +61 7 5598-7070
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
TTLS, PEAP etc on Unix, Windows, MacOS etc.
More information about the Melbourne-pm
mailing list