mod_radius, apache2 and the auth cookie.

Palmer J.D.F. J.D.F.Palmer at
Tue Aug 2 10:55:41 CEST 2005


>   Was was pointed out, you'll get authentication dialogs for every gif
> & jpg on the page.  This is a BAD idea.

The gifs etc are located in an unprotected directory, surely this prevents
from having to re-authenticate for each?

> > If I get a failed login, then try to login again it just uses cached
> > credentials and doesn't prompt for details, if I close and re-open the
> > browser it does then allow me to enter details.
>   Then your browser is broken.

Firefox and Opera are also broken in that case. :-(

A bit of a dig around reveals this from the Apache site, which implies that
all browsers cache the credentials.  

Jezz Palmer.

More information about the Freeradius-Users mailing list