mod_radius, apache2 and the auth cookie.

Alan DeKok aland at ox.org
Tue Aug 2 17:28:19 CEST 2005


"Palmer J.D.F." <J.D.F.Palmer at swansea.ac.uk> wrote:
> The gifs etc are located in an unprotected directory, surely this prevents
> from having to re-authenticate for each?

  Yes.

> A bit of a dig around reveals this from the Apache site, which implies that
> all browsers cache the credentials.
> http://httpd.apache.org/docs/howto/auth.html#basicfaq  

  Well, that's changed since I wrote the module.  It's irritating as
heck, too.

  The only solution is to take a hint from mod_securid, and put the
username & password on an auto-generated HTML page, where the browser
won't cache them.

  That would involve a complete re-write of the module, though.

  Alan DeKok.




More information about the Freeradius-Users mailing list