Re: s/key authentication for Apache on FreeBSD?

From: Matthew D. Fuller (fullermd_at_over-yonder.net)
Date: 12/14/03

  • Next message: Brett Glass: "Re: s/key authentication for Apache on FreeBSD?" 
    Date: Sat, 13 Dec 2003 23:45:19 -0600
To: Brett Glass <brett@lariat.org>

    On Sat, Dec 13, 2003 at 07:35:43PM -0700 I heard the voice of
    Brett Glass, and lo! it spake thus:
    > At 03:15 AM 12/11/2003, bruce@nikkel.com wrote:
    >
    > >If the basic auth string was not included in an http request, the
    > >webserver would generate a error 401 (Unauthorized). Check out RFC 2617
    > >(HTTP Authentication: Basic and Digest Access Authentication).
    >
    > True. But does it authenticate again? Or merely recognize that you're
    > the same person you were before and let you through?

    HTTP AUTH sends the user/pass strings with every request (more precisely,
    the browser caches what you put in, and sends it every time the server
    returns a 401 with the same realm name.) 

    -- 
Matthew Fuller     (MF4839)   |  fullermd@over-yonder.net
Systems/Network Administrator |  http://www.over-yonder.net/~fullermd/
"The only reason I'm burning my candle at both ends, is because I
      haven't figured out how to light the middle yet"
_______________________________________________
freebsd-security@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"
  • Next message: Brett Glass: "Re: s/key authentication for Apache on FreeBSD?"