httpd-users mailing list archives

From Tom Browder <tom.brow...@gmail.com>
Subject [users@httpd] Re: Dual private access: allow use of either client cert. or one-time password?
Date Mon, 11 Jan 2016 12:21:05 GMT
Anyone?

On Tuesday, January 5, 2016, Tom Browder <tom.browder@gmail.com> wrote:

> First, Happy New Year, all!
>
> My site currently successfully uses client TLS certs. for access to
> its private area. I would like to add the capability of a one-time
> password sent to the user's e-mail to authenticate the user and then
> allow that user access to the private area for a limited time.
>
> I believe I know how to control the password and session handling, but
> how should the directory block in my httpd conf file look?
>
> My current directory configuration block for TLS only looks like this
> (Apache 2.4.16):
>
>   <Directory ~ ".*/public/private">
>    SSLOptions +StrictRequire
>    SSLVerifyClient require
>    SSLVerifyDepth 1
>    # do NOT allow dir listings
>    Options -Indexes
>   </Directory>
>
> Is it possible to allow another authentication method to the above?
>
> If so, can anyone give me a secure example?
>
> Thanks so much.
>
> Best regards,
>
> -Tom
>
