Re: Basic allow/deny based on cookies

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 




> Questions
> Is my idea considerable ?
> I've read documentation of mod_access_compat and mod_usertrack but I don't see how to make them work together. Can anyone point me in the right direction ?
> I'm open to other suggestions given they fall into the constraints I mentioned above.

Regardong cookie authentication using something like libapache2-mod-auth-memcookie (Debian/Ubuntu) in SSL host should provide what you want. The ssl should protect you from traffic sniffing and MITM.

The suggestion of using client ssl certificates will also do the trick but that requiers setting up PKI and self signed CA, or CA signed by official authority depends on how important the certificate verification is for you. The apache config is then explained in Apache 2.x official documentation. The link sent to you in the previous reply should also do.

Only other autologin option I can think of might be basic apache authentication and then you put the encripted username and password in the url or query string. Then you can put this url as a shortcat on each client station desktop. But in this case you will expose the url in the browser bar and the shortcat so again you will need to trust yhe users they are not going to steal it.


[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux