[users@httpd] Authentication restriction

Is it possible to restrict AuthTypes based on specific criteria? Our policy has changed such that we are no longer allowing the use of Kerberos passwords via non-SSL-enabled connections. So would it be possible to only allow users connected via HTTPS to be able to authenticate via Kerberos (using mod_auth_kerb)?

Say, for example, a user has set up an htaccess authenticated directory within their home space.

https://www.example.com/~someuser/secure/

If the user chooses to use Kerberos authentication as the AuthType, then anyone accessing the page from an HTTP connection should get a custom error page saying something like:

The page you are attempting to retrieve is no longer accessible via HTTP. The new URL is https://www.example.com/~someuser/secure/ . Please update your bookmarks.


It's not only user space that will be affected here. Any directory using Kerberos as an authentication mechanism must only be accessible via HTTPS and get that error page otherwise. Basic or Digest authentication are still fair game either way (though if there was no other way than to restrict them as well to HTTPS it wouldn't be a huge issue).


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
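
An added example, not part of the original post or of the Apache project's code: a Python check for the policy described in the message, flagging .htaccess files that set AuthType Kerberos without restricting the directory to HTTPS. It assumes the HTTPS restriction is expressed with mod_ssl's SSLRequireSSL directive in the same file; the file paths and contents below are constructed samples.

```python
import re

# Constructed sample .htaccess files (hypothetical paths and contents).
SAMPLES = {
    "/home/someuser/public_html/secure/.htaccess":
        '# SSLRequireSSL\nAuthType Kerberos\nAuthName "Login"\nRequire valid-user\n',
    "/home/other/public_html/private/.htaccess":
        "SSLRequireSSL\nAuthType kerberos\nRequire valid-user\n",
    "/home/third/public_html/docs/.htaccess":
        "AuthType Basic\nAuthUserFile /home/third/.htpasswd\nRequire valid-user\n",
}

def directives(text):
    """Yield (lower-cased directive name, argument string) for each directive.

    Joins backslash-continued lines and skips comments. Section tags such as
    <Files> are skipped, so sections are flattened (a simplification).
    """
    joined = re.sub(r"\\\r?\n", " ", text)
    for line in joined.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or line.startswith("<"):
            continue
        parts = line.split(None, 1)
        yield parts[0].lower(), (parts[1].strip() if len(parts) > 1 else "")

def audit(text):
    """Return 'not-kerberos', 'ok' or 'violation' for one file's contents.

    Each file is judged alone: an HTTPS restriction inherited from a parent
    directory or the server config is not visible here, so a 'violation'
    means "check this directory", not proof of exposure.
    """
    uses_kerberos = https_only = False
    for name, args in directives(text):
        if name == "authtype" and args.strip('"').lower().startswith("kerberos"):
            uses_kerberos = True
        elif name == "sslrequiressl":
            https_only = True
    if not uses_kerberos:
        return "not-kerberos"
    return "ok" if https_only else "violation"

def violations(files):
    """Return the sorted paths whose contents break the HTTPS-only Kerberos rule."""
    return sorted(path for path, text in files.items() if audit(text) == "violation")

if __name__ == "__main__":
    for path in violations(SAMPLES):
        print("Kerberos auth without SSLRequireSSL:", path)
```
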