mod_radius, apache2 and the auth cookie.

Stefan.Neis at Stefan.Neis at
Thu Jul 28 12:19:48 CEST 2005


Palmer J.D.F. schrieb:

> If I get a failed login, then try to login again it just
> uses cached
> credentials and doesn't prompt for details, if I close
> and re-open the
> browser it does then allow me to enter details.

Sounds like it might be the browser that's caching the
bad credentials .... :-(

> This is why it doesn't matter that there is an instant
> timeout, as the
> client will not need to access the page again until
> his/her connection times
> out and the 'allowing' iptables rules are removed. 

Note that you need to authenticate for every _file_
that's being transferred, so if your page contains
e.g. any graphics (background image, icons, whatever)
an instant timeout _will_ matter.


More information about the Freeradius-Users mailing list