perl-modperl mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Matt Puumala <pumie...@gmail.com>
Subject Re: Set AuthName to prompt for sequential passwords
Date Tue, 21 Dec 2010 04:14:50 GMT
Thank you so much for the insight. Your thoughts are very
valuable. I'll be digging into the CookieAuth module to see what I can
see. After I look at it just a bit, it may be that I can just use
CookieAuth as it is, or with minor tweaks and a big authentication
routine. It would deny authentication, but set a different cookie after
"phase 1"; and grant authentication with a good "phase 1" cookie and
proper "phase 2" responses.

You'll hear from me again, as I find other questions, or if a miracle
happens and I complete the project and get something that works.

Thank you again!

Matt

On Mon, Dec 20, 2010 at 6:40 PM, André Warnier <aw@ice-sa.com> wrote:
>
> Talking about HTTP authentication, that's a good plan.
> Unfortunately sometimes difficult to follow, because HTTP authentication is
> full of twists and turns that don't usually let you do things stepwise.
>
> There is already plenty of stuff in the above paragraph to be answered.
>
> What the browser displays in the title bar of its embedded authentication
> mechanism, is nothing else than the content of the "realm" of the "auth
> required" header that it receives back from the server.  So you could
> "trick" that by fabricating this header (and the 401 response) yourself,
> instead of letting Apache send it.

...  [snip]...

Mime
View raw message