Hello, at the moment I'm facing the problem to implement a OTP (one time password) auth solution for Apache httpd. The webserver should act as a proxy for several internal sites (it runs Debian Stretch). The OTP software solution I use is LINOTP. Freeradius is my radius server (default package from Debian Jessie - runs on another host). I have no problem authentication on the command line. Using radtest everything works as expected. But I have problems with the Apache radius auth config. I tested several configurations. At the moment the configuration that runs best is the libapache2-mod-auth-radius variant (Stretch package). It works fine when connecting using an icognito browser tab. But if I use a standard browser tab everytime I close and reopen the browser the first auth attempt fails. Looking at the log I found that the auth cookie is not deleted when closing the browser. The docs state it should be deleted when the browser exits. So when the browser is restarted the first auth attempt is using the stale cookie information and fails. This is a bit unconvenient. I couldn't find an answer (but a similar unanswered question) for this problem when searching the mailing list. Here's my Apache config: <VirtualHost *:80> DocumentRoot /var/www/btw ProxyPass / http://<IP>/ ProxyPassReverse / http://<IP>/ LogLevel debug <Proxy *> Order allow,deny Allow from all </Proxy> AddRadiusAuth <IP>:1812 <SECRET> 5:3 AddRadiusCookieValid 5 <Location /> AuthType Basic AuthName "<A_NAME>" AuthBasicProvider radius AuthRadiusActive On AuthRadiusCookieValid 5 AuthRadiusAuthoritative on require valid-user </Location> </VirtualHost> I tried a different variant for the auth problem using PAM and the PAM radius module but only reached a situation that the first auth attempt works but each new request triggered a new login dialog box. So here are my questions: - Is there a solution for the cookie not getting deleted when using the libapache2-mod-auth-radius module? - Is there another way to auth against a radius server (or the linotp server) that works? At the moment I'm stuck so any help is appreciated. Thanks. Regards, Dieter