First, Happy New Year, all! My site currently successfully uses client TLS certs. for access to its private area. I would like to add the capability of a one-time password sent to the user's e-mail to authenticate the user and then allow that user access to the private area for a limited time. I believe I know how to control the password and session handling, but how should the directory block in my httpd conf file look? My current directory configuration block for TLS only looks like this (Apache 2.4.16): <Directory ~ ".*/public/private"> SSLOptions +StrictRequire SSLVerifyClient require SSLVerifyDepth 1 # do NOT allow dir listings Options -Indexes </Directory> Is it possible to allow another authentication method to the above? If so, can anyone give me a secure example? Thanks so much. Best regards, -Tom --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|