httpd-users mailing list archives

From "John K. Sterling" <j...@sterls.com>
Subject RE: [users@httpd] Single sign-on : LDAP & Cookies
Date Wed, 16 Jul 2003 17:32:41 GMT
I think you would be better off NOT starting with auth_ldap and really do
this from scratch.  To do it right, however, you would need to make sure
your cookies are not spoofable (which usually requires some sort of server
side distributed cache or something to store the random salt).

I've often thought this would be a fun OSS project...

sterling

>-- Original Message --
>Reply-To: users@httpd.apache.org
>From: Eddy.COLLART@cec.eu.int
>To: users@httpd.apache.org
>Date: Wed, 16 Jul 2003 11:59:22 +0200
>Subject: [users@httpd] Single sign-on : LDAP & Cookies
>
>
>Hi all,
>
>Would any of you have recommendations to achieve a single sign-on
>environment across multiple servers and applications (in the same domain).
>
>I'm thinking about a hack of the mod_auth_ldap module to make use of a
>persistent (encrypted) cookie first, and if the cookie is not present yet,
>perform authentication and store the results in the cookie for re-use by
>other servers.
>
>Any other way you'd recommend? Anyone got his feet wet with that already?
>
>Thanks,
>
>ECB
>
>---------------------------------------------------------------------
>The official User-To-User support forum of the Apache HTTP Server Project.
>See <URL:http://httpd.apache.org/userslist.html> for more info.
>To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>   "   from the digest: users-digest-unsubscribe@httpd.apache.org
>For additional commands, e-mail: users-help@httpd.apache.org
>
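
One way to build the non-spoofable cookie this thread discusses, as an added example that is not code from either poster or from the Apache project. It assumes a per-session random salt held only in a server-side cache shared by all participating servers (a plain dict stands in for it here); the function names, the cookie layout and the choice of HMAC-SHA256 are assumptions of this sketch.

```python
import hashlib
import hmac
import secrets
import time

# Stand-in for the distributed server-side cache every server can reach
# (assumption: a real deployment uses a shared store, not a local dict).
SESSION_CACHE = {}

def _mac(salt, sid, user, expires):
    # The per-session salt is the MAC key; it is never sent to the client.
    msg = f"{sid}|{user}|{expires}".encode()
    return hmac.new(salt, msg, hashlib.sha256).hexdigest()

def issue_cookie(user, ttl=3600, now=None):
    """Call after a successful LDAP bind; returns the cookie value."""
    now = int(time.time() if now is None else now)
    sid = secrets.token_urlsafe(16)      # unguessable session id, contains no "."
    salt = secrets.token_bytes(32)       # random salt kept server-side only
    expires = now + ttl
    SESSION_CACHE[sid] = {"salt": salt, "user": user, "expires": expires}
    return f"{sid}.{expires}.{_mac(salt, sid, user, expires)}"

def verify_cookie(cookie, now=None):
    """Return the user name, or None if the cookie is forged, altered or expired."""
    now = int(time.time() if now is None else now)
    parts = cookie.split(".")
    if len(parts) != 3:
        return None
    sid, expires_str, mac = parts
    entry = SESSION_CACHE.get(sid)
    if entry is None or expires_str != str(entry["expires"]):
        return None                      # unknown session or edited expiry
    expected = _mac(entry["salt"], sid, entry["user"], entry["expires"])
    if not hmac.compare_digest(expected.encode(), mac.encode()):
        return None                      # MAC mismatch: cookie was not issued by us
    if now >= entry["expires"]:
        SESSION_CACHE.pop(sid, None)     # expired: drop the server-side state
        return None
    return entry["user"]

def revoke(cookie):
    """Single sign-off: deleting the cached salt invalidates the cookie everywhere."""
    SESSION_CACHE.pop(cookie.split(".")[0], None)
```

Because the user name comes from the cache entry and not from the cookie, a client cannot change identity by editing the cookie, and any server that can reach the cache can verify it without repeating the LDAP bind.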


