On Sat, 19 Jul 2014 23:05:22 +0000 Mark jensen <ngiw2012@xxxxxxxxxxx> wrote: > what I really want is to deploy single sign on, I have authenticates > users using ieee802.1x and put the authenticated users in a DB, BUT I > authenticate only the inside ( inside my network ) users, and I don't > want apache to reauthenticate them, I want apache only to > authenticate the outside users, what I have suggested in the last > message is to let apache do a query to my DB and find if the users is > already authenticated by ieee802.1x : If apache find the user on this > DB it don't ask him for a credentials, otherwise it does I am still missing the part where you know who the user is so that you know whether or not to authenticate him. Until he logs in you don't know who he is but it sounds like you want to use his identity to decide whether he needs to log in or not. You mention IEEE 802.1X. That authenticates a device. Do you have some sort of guarantee that a device only has one user? Anyway, assuming that you have all the guarantees that you need I don't think that HTTP authentication will work for you. It sounds like you need to use session cookies and some programming for this to work. You can base your logic on the IP address of the sender and either send them to a login screen or directly to the application. Remember, if they aren't inside your network you have to be aware that multiple devices can share one IP address due to NAT and even one real device can have multiple users. -- D'Arcy J.M. Cain System Administrator, Vex.Net http://www.Vex.Net/ IM:darcy@xxxxxxx VoIP: sip:darcy@xxxxxxx --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|