Proposed: PKI Authentication for secure web access

2010-11-20 Thread Rob Lemaster
I would like to propose an enhancement to the Apache web server for secure authentication. If this is the wrong list, pls. reply with the correct list and I will post it there. SSH allows a user to create a public/private key pair and use that for authentication. This is much more secure than

Re: Proposed: PKI Authentication for secure web access

2010-11-20 Thread Arturo 'Buanzo' Busleiman
Been there, done that: http://wiki.buanzo.org (enigform and mod_openpgp) Not x509, though. On 11/20/10, Rob Lemaster rklemas...@gmail.com wrote: I would like to propose an enhancement to the Apache web server for secure authentication. If this is the wrong list, pls. reply with the

Re: Proposed: PKI Authentication for secure web access

2010-11-20 Thread Graham Leggett
On 20 Nov 2010, at 10:27 AM, Rob Lemaster wrote: SSH allows a user to create a public/private key pair and use that for authentication. This is much more secure than simply using passwords and adds the ability to add 'something you have' for multi-factor authentication. I propose that the same

Re: mod_disk_cache - mod_cache_disk

2010-11-20 Thread Graham Leggett
On 14 Oct 2010, at 8:50 PM, Ruediger Pluem wrote: The naming of mod_disk_cache currently goes against the naming convention of other grouped modules in the server, such as mod_proxy_*, and mod_socache_*. Are there any objections to me renaming mod_disk_cache to mod_cache_disk for httpd

Re: mod_ssl's proxy support: make it per directory

2010-11-20 Thread Daniel Ruggeri
On 11/19/2010 9:13 AM, Graham Leggett wrote: On 19 Nov 2010, at 3:15 PM, Plüm, Rüdiger, VF-Group wrote: For a while, mod_ssl has been able to secure connections from mod_proxy, backwards towards some backend server. For some reason however, the directives that control this behavior SSLProxy*

Re: mod_include: include virtual and error handling

2010-11-20 Thread Graham Leggett
On 02 Nov 2010, at 10:34 PM, Nick Kew wrote: The lack of this one feature is the most cited reason I've been given for why people have moved away from mod_include as a template processor to other template processors within other servers. Rather than moving to an entirely new type of server, I'd

Re: Fwd: [us...@httpd] SSLRequire UTF-8 characters

2010-11-20 Thread Stefan Fritsch
On Fri, 19 Nov 2010, Joe Orton wrote: On Fri, Nov 19, 2010 at 07:13:01AM +0100, Kaspar Brand wrote: On 17.11.2010 15:53, Igor Galić wrote: it might be appropriate to ping dev@ with this problem I'm not sure if it's a bug or a feature. I'd call it a missing feature... the problem is that

Re: Proposed: PKI Authentication for secure web access

2010-11-20 Thread Rob Lemaster
Isn't mod_ssl used solely for HTTPS (browser-server encryption)? I would like to use PKI for user authentication like you can in SSH on top of the encryption provided by HTTPS. The most secure option I see available for web authentication currently is OTP tokens (RSA, etc.) that only work on one web

Re: Proposed: PKI Authentication for secure web access

2010-11-20 Thread Issac Goldstand
On 20/11/2010 22:19, Rob Lemaster wrote: Isn't mod_ssl used solely for HTTPS (browser-server encryption)? I would like to use PKI for user authentication like you can in SSH on top of the encryption provided by HTTPS. The most secure option I see available for web authentication currently is

Re: Proposed: PKI Authentication for secure web access

2010-11-20 Thread Rob Lemaster
Thanks for the link Issac. If this is already in Apache, why isn't everyone using it? On Sat, Nov 20, 2010 at 12:32 PM, Issac Goldstand mar...@beamartyr.net wrote: Nope, you have full x509 based authentication out-of-the-box.  See http://httpd.apache.org/docs/2.2/ssl/ssl_howto.html#allclients

Re: Proposed: PKI Authentication for secure web access

2010-11-20 Thread Graham Leggett
On 20 Nov 2010, at 10:19 PM, Rob Lemaster wrote: Isn't mod_ssl used solely for HTTPS (browser-server encryption)? I would like to use PKI for user authentication like you can in SSH on top of the encryption provided by HTTPS. The most secure option I see available for web authentication

Re: Proposed: PKI Authentication for secure web access

2010-11-20 Thread Rob Lemaster
Thanks for that explanation Graham! I wasn't thinking in terms of CA-signed certificates like you and Issac pointed out, but more of a PGP-type model, where I could use my own self-signed public/private key pair created in Firefox to authenticate to many web sites. I realize that self-signed

Re: Proposed: PKI Authentication for secure web access

2010-11-20 Thread Daniel Ruggeri
On 11/20/2010 2:39 PM, Rob Lemaster wrote: Thanks for the link Issac. If this is already in Apache, why isn't everyone using it? On Sat, Nov 20, 2010 at 12:32 PM, Issac Goldstand mar...@beamartyr.net wrote: Nope, you have full x509 based authentication out-of-the-box. See

Removing passwords from the conf file

2010-11-20 Thread Daniel Ruggeri
In mod_ssl there is a very handy option of making an exec callout for SSLPassPhraseDialog rather than to put a password for your private key in the conf file. The obvious benefit here is that one can then design a solution to meet any arbitrary number of security challenges before allowing

Re: Proposed: PKI Authentication for secure web access

2010-11-20 Thread Rob Lemaster
I understand your skepticism, but I am not advocating a complex CA infrastructure and I have more faith in end users (possibly misplaced). IMHO, it is reasonable for users to take that extra step for their banking site or SSL-VPN. It's really not that big a deal to generate a key pair in PuTTY, I

Re: Proposed: PKI Authentication for secure web access

2010-11-20 Thread Sander Temme
On Nov 20, 2010, at 12:39 PM, Rob Lemaster wrote: Thanks for the link Issac. If this is already in Apache, why isn't everyone using it? Because key management is just too freaking hard, and too much of a management and support burden. For God's sake, if we can't even get the Apache