mod_radius, apache2 and the auth cookie.
Stefan.Neis at t-online.de
Stefan.Neis at t-online.de
Thu Jul 28 12:19:48 CEST 2005
Hi,
Palmer J.D.F. schrieb:
> If I get a failed login, then try to login again it just
> uses cached
> credentials and doesn't prompt for details, if I close
> and re-open the
> browser it does then allow me to enter details.
Sounds like it might be the browser that's caching the
bad credentials .... :-(
> This is why it doesn't matter that there is an instant
> timeout, as the
> client will not need to access the page again until
> his/her connection times
> out and the 'allowing' iptables rules are removed.
Note that you need to authenticate for every _file_
that's being transferred, so if your page contains
e.g. any graphics (background image, icons, whatever)
an instant timeout _will_ matter.
Regards,
Stefan
More information about the Freeradius-Users
mailing list