s/key authentication for Apache on FreeBSD?
Matthew D. Fuller
fullermd at over-yonder.net
Sat Dec 13 21:45:25 PST 2003
On Sat, Dec 13, 2003 at 07:35:43PM -0700 I heard the voice of
Brett Glass, and lo! it spake thus:
> At 03:15 AM 12/11/2003, bruce at nikkel.com wrote:
>
> >If the basic auth string was not included in an http request, the
> >webserver would generate a error 401 (Unauthorized). Check out RFC 2617
> >(HTTP Authentication: Basic and Digest Access Authentication).
>
> True. But does it authenticate again? Or merely recognize that you're
> the same person you were before and let you through?
HTTP AUTH sends the user/pass strings with every request (more precisely,
the browser caches what you put in, and sends it every time the server
returns a 401 with the same realm name.)
--
Matthew Fuller (MF4839) | fullermd at over-yonder.net
Systems/Network Administrator | http://www.over-yonder.net/~fullermd/
"The only reason I'm burning my candle at both ends, is because I
haven't figured out how to light the middle yet"
More information about the freebsd-security
mailing list