[Melbourne-pm] Apache auth and one time passwords.

Daniel Pittman daniel at rimspace.net
Wed Mar 9 19:31:02 PST 2005

I have a couple of web based systems that I would like to protect with a
one time password tool, and being lazy, I want to use the work someone
else has done to achieve this.

Obviously, the simplest implementation wouldn't work, since a different
one time password for every HTTP request would be a little
user-unfriendly. ;)

So, what I want is a system that will authenticate the user via OTP,
once, and retain that authentication for the client machine for a few
minutes via a cookie or similar.

At the moment, a mod_perl Authz handler looks like the best bet for
doing this, and I am figure that someone else must have done this, or
something similar, before.

So, can anyone point me to a solution that, in order of preference:

* ties OPIE to Apache for authentication?
* implements a "cookie based" authentication mechanism, with timeouts,
  that I could easily hack OTP password support into?

Interestingly, most Unix utilities have a command line option which will cause
the system to rip the user's legs off and beat them to death with the soggy
ends. This is often the default behaviour.
        -- Bruce Murphy

More information about the Melbourne-pm mailing list