Re: How to force new authentication with modssl?

Fri, 26 Nov 1999 22:50:07 -0800 

On Thu, 25 Nov 1999, Gremmen, Jeroen wrote:
> I'm having some difficulties with the authentication for https pages. Here's
> the problem:
> When I open a secure page (https:....) + basic auth. on my server it
> requires authentication. So I log on: 
> logon: itsme
> password: mypassword
> >From this moment on the browser (IE 5.0) will remember 'itsme' and modssl
> will syslog every action with this username. When I go to another page that
> also requires authentication, it accepts 'itsme' as a valid user (which is
> correct) and continues to load the page. When I go to a page that doesn't
> accept 'itsme' as a valid user it requires authentication again. Ok, so far
> nothing exceptional but I want more...
> Actually, what I want is some way to tell apache/modssl that I want to force
> authentication again - even when it concerns the same page!
You do that by telling IE to forget about passwords.
There's nothing in the protocol that allows the server to tell the browser
that a user/password has expired, unless you do the password handly
yourself, with dynamic pages that change AuthName after each successful 
request.

> 
> My configuration is: Linux Slackware, kernel 2.2.12, Apache 1.3.9/modssl
> 2.4.8/openssl 0.9.3.a (0.9.4. still doesn't work!)/php4.0b3/auth_mysql
> 
> I'm aware that this question may be off-topic but I hope somebody can answer
> me.
> 
> 
> Kind regards / Met vriendelijke groet,
> 
> Jeroen Gremmen
> 
> Country-Micado Consultant / Check 2000 Team Manager
> 
> Origin International B.V.
> Complex Vredeoord VH 1.20
> Groenewoudseweg 1, 5621 BA  Eindhoven
> +31 (0)40 2756943
> [EMAIL PROTECTED]
> 
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      [EMAIL PROTECTED]
> Automated List Manager                            [EMAIL PROTECTED]
> 

-- 
Henrik Olsen,  Dawn Solutions I/S       URL=http://www.iaeste.dk/~henrik/
  Flinx:  Everybody wants to kidnap me.
  Oh well, I'll travel the galaxy and have boring adventures.
  (Pip the Flying Snake spits at something and kills it.)
              The Flinx of the Commonwealth Series, Book-A-Minute version


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      [EMAIL PROTECTED]
Automated List Manager                            [EMAIL PROTECTED]

Reply via email to