[Melbourne-pm] Apache auth and one time passwords.

Mike McCauley mikem at open.com.au
Wed Mar 9 21:08:06 PST 2005


On Thursday 10 March 2005 13:31, Daniel Pittman wrote:
> I have a couple of web based systems that I would like to protect with a
> one time password tool, and being lazy, I want to use the work someone
> else has done to achieve this.
>
> Obviously, the simplest implementation wouldn't work, since a different
> one time password for every HTTP request would be a little
> user-unfriendly. ;)
>
> So, what I want is a system that will authenticate the user via OTP,
> once, and retain that authentication for the client machine for a few
> minutes via a cookie or similar.

Can be done.

>
>
> At the moment, a mod_perl Authz handler looks like the best bet for
> doing this, and I figure that someone else must have done this, or
> something similar, before.
>
> So, can anyone point me to a solution that, in order of preference:
>
> * ties OPIE to Apache for authentication?
Apache->mod_auth_radius->radius server->opie

> * implements a "cookie based" authentication mechanism, with timeouts,
>   that I could easily hack OTP password support into?
mod_auth_radius does that automatically, with configurable cookie timeouts 
etc.

>
> Thanks,
>         Daniel

-- 
Mike McCauley                               mikem at open.com.au
Open System Consultants Pty. Ltd            Unix, Perl, Motif, C++, WWW
9 Bulbul Place Currumbin Waters QLD 4223 Australia   http://www.open.com.au
Phone +61 7 5598-7474                       Fax   +61 7 5598-7070

Radiator: the most portable, flexible and configurable RADIUS server 
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, 
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS, 
TTLS, PEAP etc on Unix, Windows, MacOS etc.
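
The mechanism discussed in this thread (check the one-time password once, then accept a short-lived cookie instead), as an added Python example that is not from the thread and is not mod_auth_radius's own cookie format. The key, the 300-second lifetime, the binding to the client address and all function names are assumptions.

```python
import base64
import hashlib
import hmac
import time

# Constructed demo key; a real deployment loads a random secret from protected config.
SECRET = b"constructed-demo-key"
LIFETIME = 300  # assumed: seconds a cookie stays valid after the OTP check


def _mac(user_b64, expires, client_ip):
    """HMAC-SHA256 over every field the server later relies on."""
    msg = "|".join((user_b64, expires, client_ip)).encode()
    return hmac.new(SECRET, msg, hashlib.sha256).hexdigest()


def issue_cookie(user, client_ip, now=None):
    """Build the cookie value. Call only after the OTP back end accepted the user."""
    issued = time.time() if now is None else now
    expires = str(int(issued) + LIFETIME)
    user_b64 = base64.urlsafe_b64encode(user.encode()).decode()
    return "|".join((user_b64, expires, _mac(user_b64, expires, client_ip)))


def check_cookie(cookie, client_ip, now=None):
    """Return the username for a valid, unexpired cookie, else None."""
    try:
        user_b64, expires, mac = cookie.split("|")
        deadline = int(expires)
        user = base64.urlsafe_b64decode(user_b64).decode()
    except ValueError:  # wrong field count, bad number, bad base64 or UTF-8
        return None
    expected = _mac(user_b64, expires, client_ip)
    # Constant-time comparison, and verify the MAC before trusting the expiry.
    if not hmac.compare_digest(mac.encode(), expected.encode()):
        return None
    current = time.time() if now is None else now
    return user if current < deadline else None
```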

