httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Daniel Gruno <humbed...@apache.org>
Subject Re: [users@httpd] Re: Dual private access: allow use of either client cert. or one-time password?
Date Mon, 11 Jan 2016 12:22:01 GMT
My actual reply is stuck in moderation, as I sent it from the wrong address.

Have patience, it'll be there soon enough :)

On 01/11/2016 01:21 PM, Tom Browder wrote:
> Anyone?
> 
> On Tuesday, January 5, 2016, Tom Browder <tom.browder@gmail.com
> <mailto:tom.browder@gmail.com>> wrote:
> 
>     First, Happy New Year, all!
> 
>     My site currently successfully uses client TLS certs. for access to
>     its private area. I would like to add the capability of a one-time
>     password sent to the user's e-mail to authenticate the user and then
>     allow that user access to the private area for a limited time.
> 
>     I believe I know how to control the password and session handling, but
>     how should the directory block in my httpd conf file look?
> 
>     My current directory configuration block for TLS only looks like this
>     (Apache 2.4.16):
> 
>       <Directory ~ ".*/public/private">
>        SSLOptions +StrictRequire
>        SSLVerifyClient require
>        SSLVerifyDepth 1
>        # do NOT allow dir listings
>        Options -Indexes
>       </Directory>
> 
>     Is it possible to allow another authentication method to the above?
> 
>     If so, can anyone give me a secure example?
> 
>     Thanks so much.
> 
>     Best regards,
> 
>     -Tom
> 


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message