Anyone? On Tuesday, January 5, 2016, Tom Browder <[email protected]> wrote:
> First, Happy New Year, all! > > My site currently successfully uses client TLS certs. for access to > its private area. I would like to add the capability of a one-time > password sent to the user's e-mail to authenticate the user and then > allow that user access to the private area for a limited time. > > I believe I know how to control the password and session handling, but > how should the directory block in my httpd conf file look? > > My current directory configuration block for TLS only looks like this > (Apache 2.4.16): > > <Directory ~ ".*/public/private"> > SSLOptions +StrictRequire > SSLVerifyClient require > SSLVerifyDepth 1 > # do NOT allow dir listings > Options -Indexes > </Directory> > > Is it possible to allow another authentication method to the above? > > If so, can anyone give me a secure example? > > Thanks so much. > > Best regards, > > -Tom >
