Date: Wed, 10 Dec 2003 19:25:10 +0000 From: Mark Murray <markm@freebsd.org> To: Brett Glass <brett@lariat.org> Cc: security@freebsd.org Subject: Re: s/key authentication for Apache on FreeBSD? Message-ID: <200312101925.hBAJPADw003666@grimreaper.grondar.org> In-Reply-To: Your message of "Wed, 10 Dec 2003 12:05:39 MST." <6.0.0.22.2.20031210115335.04c2fc50@localhost>
next in thread | previous in thread | raw e-mail | index | archive | help
Brett Glass writes: > After considering the readily available alternatives, I'd like to > try using s/key one-time passwords with "basic" authentication (which > works on most browsers). But how do I lash Apache and s/key together > under FreeBSD, and get Apache to require s/key passwords from all > IP addresses outside the owner's home network? (Apache doesn't have > a mod_auth_skey module, so I'd probably have to cobble this together > with mod_perl -- or via PAM, with which I have virtually no experience.) > All suggestions as to the most efficient way to construct a solution > will be most welcome. PAM is the most sensible. Once set up, it hands over a whole lot of policy to one set of config files, and this makes sysadmins jons much easier. Learning PAM is well worth your while. M -- Mark Murray iumop ap!sdn w,I idlaH
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200312101925.hBAJPADw003666>