s/key authentication for Apache on FreeBSD?

Mark Murray markm at freebsd.org
Wed Dec 10 11:30:15 PST 2003

Brett Glass writes:
> After considering the readily available alternatives, I'd like to
> try using s/key one-time passwords with "basic" authentication (which 
> works on most browsers). But how do I lash Apache and s/key together
> under FreeBSD, and get Apache to require s/key passwords from all
> IP addresses outside the owner's home network? (Apache doesn't have
> a mod_auth_skey module, so I'd probably have to cobble this together
> with mod_perl -- or via PAM, with which I have virtually no experience.)
> All suggestions as to the most efficient way to construct a solution
> will be most welcome.

PAM is the most sensible. Once set up, it hands over a whole lot of
policy to one set of config files, and this makes sysadmins jons much

Learning PAM is well worth your while.

Mark Murray
iumop ap!sdn w,I idlaH

More information about the freebsd-security mailing list