Date: Wed, 10 Dec 2003 12:05:39 -0700
From: Brett Glass <brett@lariat.org>
To: security@freebsd.org
Subject: s/key authentication for Apache on FreeBSD?
Message-ID: <6.0.0.22.2.20031210115335.04c2fc50@localhost>

I'm constructing a Web server which may require restricted areas of the site to be used from public places where a password might be sniffed. The damage that could be done by taking snapshots of the content from one session with a spy program is minimal. What the owner of the server does NOT want, though, is to allow unauthorized parties to gain unfettered access by stealing the password via a key sniffer.

After considering the readily available alternatives, I'd like to try using s/key one-time passwords with "basic" authentication (which works on most browsers). But how do I lash Apache and s/key together under FreeBSD, and get Apache to require s/key passwords from all IP addresses outside the owner's home network?

(Apache doesn't have a mod_auth_skey module, so I'd probably have to cobble this together with mod_perl -- or via PAM, with which I have virtually no experience.)

All suggestions as to the most efficient way to construct a solution will be most welcome.

--Brett Glass