My actual reply is stuck in moderation, as I sent it from the wrong address. Have patience, it'll be there soon enough :)

On 01/11/2016 01:21 PM, Tom Browder wrote:
> Anyone?
>
> On Tuesday, January 5, 2016, Tom Browder <tom.browder@xxxxxxxxx> wrote:
>
> First, Happy New Year, all!
>
> My site currently successfully uses client TLS certs. for access to
> its private area. I would like to add the capability of a one-time
> password sent to the user's e-mail to authenticate the user and then
> allow that user access to the private area for a limited time.
>
> I believe I know how to control the password and session handling, but
> how should the directory block in my httpd conf file look?
>
> My current directory configuration block for TLS only looks like this
> (Apache 2.4.16):
>
> <Directory ~ ".*/public/private">
>   SSLOptions +StrictRequire
>   SSLVerifyClient require
>   SSLVerifyDepth 1
>   # do NOT allow dir listings
>   Options -Indexes
> </Directory>
>
> Is it possible to allow another authentication method to the above?
>
> If so, can anyone give me a secure example?
>
> Thanks so much.
>
> Best regards,
>
> -Tom