On Thu, 10 Oct 2002, Glynn S. Condez wrote:

> access control to a web site
>     ~ user needs to log in first, then the user name is carried over the
>        session, and that is what was the default selection for many functions
>        then people can set their preference per account:
>             a) LDAP
>             b) .htaccess
>             c) per user certificate
> 

with apache/ssl using user/client certificates, you can use FakeBasicAuth
together with .htaccess files.  instead of a pop-up asking for a
username/password, the webserver will just get the username (but no
password) from the client certificate's Distinguished Name field.   then
just use cookies to track the session id upon logon.  store the cookie
details on a backend db/ldap as well so that an external webserver can
track the session id after another automatic client cert verification.

pong

Philippine Linux Users Group. Web site and archives at http://plug.linux.org.ph
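
The session handling described in the reply above, as an added example that is not part of the original message: the session id issued at logon is stored in a shared backend together with the certificate DN, and any webserver that shares the store accepts the cookie only when its own client-cert check yields the same DN. Assumptions: sqlite stands in for the backend db/ldap, all function names and the sample DN are hypothetical, and the DN is whatever string the webserver hands over after verifying the certificate (for example mod_ssl's `SSL_CLIENT_S_DN`).

```python
import secrets
import sqlite3
import time

SESSION_TTL = 1800  # seconds; constructed value for this example
SAMPLE_DN = "/C=PH/O=Example Org/CN=alice"  # constructed sample DN


def open_store(path=":memory:"):
    """Shared session table; sqlite stands in for the backend db/ldap."""
    db = sqlite3.connect(path)
    db.execute(
        "CREATE TABLE IF NOT EXISTS sessions ("
        "sid TEXT PRIMARY KEY, subject_dn TEXT NOT NULL, expires REAL NOT NULL)"
    )
    return db


def create_session(db, subject_dn, now=None):
    """Called at logon, after the webserver has verified the client cert."""
    if not subject_dn:
        raise ValueError("no verified client certificate DN")
    now = time.time() if now is None else now
    sid = secrets.token_urlsafe(32)  # unguessable cookie value
    db.execute("INSERT INTO sessions VALUES (?, ?, ?)",
               (sid, subject_dn, now + SESSION_TTL))
    db.commit()
    return sid


def validate_session(db, cookie_sid, subject_dn, now=None):
    """Called by any webserver sharing the store, after its own cert check.

    The cookie is honoured only if it is unexpired and was issued to the
    same DN the server just verified, so a copied cookie alone is rejected.
    """
    now = time.time() if now is None else now
    row = db.execute("SELECT subject_dn, expires FROM sessions WHERE sid = ?",
                     (cookie_sid or "",)).fetchone()
    if row is None or not subject_dn:
        return False
    stored_dn, expires = row
    if now >= expires:
        # Expired: remove the row so the id can never be revived.
        db.execute("DELETE FROM sessions WHERE sid = ?", (cookie_sid,))
        db.commit()
        return False
    return secrets.compare_digest(stored_dn.encode(), subject_dn.encode())
```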