Hello List,we would like to protect a Web-Application Server (lets say Outlook Webaccess or whatever) by using a Reverse Proxy / Apache. This works out quite well so far.
- - -Now we would like to add an Authentification, so that only Users who pass the Reverse Proxy auth, will get to the Web-App login. This can be done by some htacces and static passwords. The disatvantage is, that this are static passwords and they could be stored by keyloggers. So we need some kind of one time passwords (OTP).
Is there a way to add some random "salt" to the http authentification? - - - I had the following idea (http://i39.tinypic.com/zmyyjs.jpg):The User gets to some Login Page (PHP) where he enters his Username/Password. Then PHP asks him for his 3, 6 and 12 Digit of his Passport-ID (this can be random). After submitting this, we could set this User/Password+(Append RandomNumber) combinations in a Database where htaccess could try to auth against. This would mean, that the user wold have to enter his Login-Information AGAIN using User/Password+(Appended RandomNumber).
Is there a way to get rid of the http access prompt?Or is there maybe a complete other way to do a secure and cheap OTP authentification?
Any ideas? Cheers, Mario --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx