httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Dirk-Willem van Gulik <di...@webweaving.org>
Subject Re: public key authentication & apache
Date Tue, 15 Oct 2002 07:54:29 GMT


On Mon, 14 Oct 2002, Ian Holsman wrote:

> I was wondering if anyone knows of something (preferably using openSSH)
> which would allow Apache to authenticate via a SSH keypair.

> what i would like ideally is for the browser to use the
> passwords/pass-phrases of the ssh-agent running on the local machine
> to execute something remotely without the middleman (web-server)
> requiring to know the passphrase/private key of the user

I've once had to do this - but it was hard to get it working
properly/perform decently - as, if you are not careful, the negotiation
needs to be done again and again.

If all you want is making sure that the web server does not know the
password; there are a lot of one way crypt/digest things one can do to
solve that. Even standard crypt()ed passwords go a long way.

Dw


Mime
View raw message