Re: s/key authentication for Apache on FreeBSD?

From: Brett Glass (brett_at_lariat.org)
Date: 12/10/03

  • Next message: bruce_at_nikkel.com: "Re: s/key authentication for Apache on FreeBSD?"
    Date: Wed, 10 Dec 2003 12:48:24 -0700
    To: Kyle Amon <amonk@gnutec.com>
    
    

    At 07:39 AM 12/10/2003, Kyle Amon wrote:
      
    >It sounds like you're going all crazy here.

    It does?

    > Unfortunately, what you've
    >written to describe your requirement is not very precise. Assuming you
    >are not concerned about "keystroke loggers"

    You must have misunderstood my message: This is EXACTLY what the owner is
    concerned about. Encrypting the content is not as important as preventing
    unfettered future access via a password stolen by sniffing either the
    network or the keyboard. Thus, SSL -- while it might be nice -- is optional.
    What's needed is one-time passwords for "basic" authentication in Apache.

    --Brett Glass

    _______________________________________________
    freebsd-security@freebsd.org mailing list
    http://lists.freebsd.org/mailman/listinfo/freebsd-security
    To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"


  • Next message: bruce_at_nikkel.com: "Re: s/key authentication for Apache on FreeBSD?"