mod_radius, apache2 and the auth cookie.
Alan DeKok
aland at ox.org
Tue Aug 2 17:28:19 CEST 2005
"Palmer J.D.F." <J.D.F.Palmer at swansea.ac.uk> wrote:
> The gifs etc are located in an unprotected directory, surely this prevents
> from having to re-authenticate for each?
Yes.
> A bit of a dig around reveals this from the Apache site, which implies that
> all browsers cache the credentials.
> http://httpd.apache.org/docs/howto/auth.html#basicfaq
Well, that's changed since I wrote the module. It's irritating as
heck, too.
The only solution is to take a hint from mod_securid, and put the
username & password on an auto-generated HTML page, where the browser
won't cache them.
That would involve a complete re-write of the module, though.
Alan DeKok.
More information about the Freeradius-Users
mailing list