Dual private access: allow use of either client cert. or one-time password?

First, Happy New Year, all!

My site currently successfully uses client TLS certs. for access to
its private area. I would like to add the capability of a one-time
password sent to the user's e-mail to authenticate the user and then
allow that user access to the private area for a limited time.

I believe I know how to control the password and session handling, but
how should the directory block in my httpd conf file look?

My current directory configuration block for TLS only looks like this
(Apache 2.4.16):

  <Directory ~ ".*/public/private">
   SSLOptions +StrictRequire
   SSLVerifyClient require
   SSLVerifyDepth 1
   # do NOT allow dir listings
   Options -Indexes
  </Directory>

Is it possible to allow another authentication method to the above?

If so, can anyone give me a secure example?

Thanks so much.

Best regards,

-Tom
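
An added example, not part of the original post: one way to let either a verified client certificate or a logged-in user into the private area on Apache 2.4. The form-login and session setup, all paths, the passphrase and the 900-second lifetime are assumptions; how the one-time password is issued and checked is left to the site's own code.

```apache
# Added example; paths, names and the passphrase are placeholders.
<Directory ~ ".*/public/private">
    SSLOptions +StrictRequire
    # "optional" requests a certificate but lets the request continue
    # without one, so the Require rules below make the access decision.
    # With "require", a request without a valid certificate is refused
    # regardless of any other authentication method.
    SSLVerifyClient optional
    SSLVerifyDepth 1
    # do NOT allow dir listings
    Options -Indexes

    # Assumed password side: mod_auth_form backed by a session cookie.
    # The site's own OTP code is assumed to maintain the AuthUserFile
    # entries (create on issue, delete after use).
    AuthType form
    AuthName "private"
    AuthFormProvider file
    AuthUserFile "/placeholder/path/otp-users"
    # Login page must live outside the protected directory.
    AuthFormLoginRequiredLocation "/login.html"

    Session On
    SessionCookieName session path=/;Secure;HttpOnly
    SessionCryptoPassphrase "placeholder-long-random-secret"
    # Limited-time access: the session expires after 900 seconds.
    SessionMaxAge 900

    <RequireAny>
        # True only when a client certificate was presented and verified.
        Require ssl-verify-client
        # Otherwise accept a user authenticated through the form login.
        Require valid-user
    </RequireAny>
</Directory>
```

This needs mod_auth_form, mod_request, mod_session, mod_session_cookie and mod_session_crypto loaded in addition to mod_ssl, plus a login form posting to a location handled by `form-login-handler`.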
