[Melbourne-pm] Apache auth and one time passwords.
daniel at rimspace.net
Wed Mar 9 19:31:02 PST 2005
I have a couple of web based systems that I would like to protect with a
one time password tool, and being lazy, I want to use the work someone
else has done to achieve this.
Obviously, the simplest implementation wouldn't work, since a different
one time password for every HTTP request would be a little
So, what I want is a system that will authenticate the user via OTP,
once, and retain that authentication for the client machine for a few
minutes via a cookie or similar.
At the moment, a mod_perl Authz handler looks like the best bet for
doing this, and I am figure that someone else must have done this, or
something similar, before.
So, can anyone point me to a solution that, in order of preference:
* ties OPIE to Apache for authentication?
* implements a "cookie based" authentication mechanism, with timeouts,
that I could easily hack OTP password support into?
Interestingly, most Unix utilities have a command line option which will cause
the system to rip the user's legs off and beat them to death with the soggy
ends. This is often the default behaviour.
-- Bruce Murphy
More information about the Melbourne-pm