Re: s/key authentication for Apache on FreeBSD?

From: Brett Glass (brett_at_lariat.org)
Date: 12/11/03

  • Next message: Michael Sierchio: "Re: s/key authentication for Apache on FreeBSD?" 
    Date: Wed, 10 Dec 2003 17:47:00 -0700
To: James Welcher <james@buszard-welcher.com>

    At 01:29 PM 12/10/2003, James Welcher wrote:

    >Maybe not the solution you are looking for, but I wouldn't write a
    >one-time password solution as an apache module. It seems to me like it
    >would be rather complex to implement and you would still have to have
    >manage users keys and generate the "little slips of paper" or educate
    >the users to employ some kind of s/key or opie algorithm on their PDA
    >or via some other host.

    The people in question have Palm Pilots. And, yes, in a pinch
    slips of paper could be generated. The key thing is to be able
    to get in from a public kiosk without the risk of compromised
    passwords.

    Bruce Nikkel writes:

    >The problem with using s/key (or opie) together with http basic auth is
    >the repetive nature of http requests. The webserver would expect see
    >the basic authentication string with every single request. You would be
    >promtped for your next onetime password for every single gif or link on
    >the page requested. I don't know how practical that would be.

    If this is true, then I'd have to write a Perl authentication module
    that called s/key once and authorized an IP until the user clicked
    a "logout" button or a certain amount of time elapsed. So, I'd be
    using mod_perl *and* PAM. A bit more complex, but I can do it if I must.
    Are you sure that Apache will try to authorize again on every hit?

    --Brett

    _______________________________________________
    freebsd-security@freebsd.org mailing list
    http://lists.freebsd.org/mailman/listinfo/freebsd-security
    To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"

  • Next message: Michael Sierchio: "Re: s/key authentication for Apache on FreeBSD?"