mod_radius, apache2 and the auth cookie.

Alan DeKok aland at
Thu Jul 28 19:00:33 CEST 2005

"Palmer J.D.F." <J.D.F.Palmer at> wrote:
> >   You mean re-authenticate for every request?  That would require
> > source code changes.
> Effectively yes, see the description of what I'm trying to do below.

  Was was pointed out, you'll get authentication dialogs for every gif
& jpg on the page.  This is a BAD idea.

> If I get a failed login, then try to login again it just uses cached
> credentials and doesn't prompt for details, if I close and re-open the
> browser it does then allow me to enter details.

  Then your browser is broken.

> So far this has only been tested with IE on a patched up but otherwise std
> XP machine.

  Read the rants in the source code for why IE isn't a web browser.

> The reason for the authentication is to log into a web-redirect gateway.
> An iptables rule redirects any un-authenticated IP/MAC pairs to the login
> page; on a successful login the page (a php page which resides in a
> protected folder) adds some iptables rules to allow that particular client
> (IP/MAC pair) through the gateway.

  There are "captive portal" programs that do this.  Search the net
for them, they'll probably be simpler to set up, and will work with IE.

  Alan DeKok.

More information about the Freeradius-Users mailing list