Re: s/key authentication for Apache on FreeBSD?
From: James Welcher (james_at_buszard-welcher.com)
Date: Wed, 10 Dec 2003 15:29:29 -0500
To: Brett Glass <email@example.com>
>>>>> "Brett" == Brett Glass <firstname.lastname@example.org> writes:
Brett> You must have misunderstood my message: This is EXACTLY
Brett> what the owner is concerned about. Encrypting the content
Brett> is not as important as preventing unfettered future access
Brett> via a password stolen by sniffing either the network or the
Brett> keyboard. Thus, SSL -- while it might be nice -- is
Brett> optional. What's needed is one-time passwords for "basic"
Brett> authentication in Apache.
Maybe not the solution you are looking for, but I wouldn't write a
one-time password solution as an Apache module. It seems to me like it
would be rather complex to implement and you would still have to
manage users' keys and generate the "little slips of paper" or educate
the users to employ some kind of s/key or opie algorithm on their PDA
or via some other host.
"mini-keyboard" where you can click on letters to "type in" a
passphrase. This avoids local keyboard sniffers, and users and admins don't
have to mess with one-time passwords. It should also work with any
then again, I think you would have a more portable solution
and if a user is on a "trusted" machine, they can just type
Of course, SSL is no longer optional in this case.