>Some powers that be have decided not to allow basic
>authentication anymore, even over HTTPS. So I am
>looking for an alternative.

Have those "powers that be" offered a list of acceptable alternatives? 
Unless they insist, I don't think NTLM over HTTP is a good protocol idea 
nowadays for a variety of reasons, so can we skip that one?

The IBM HTTP Server for z/OS supports TLS client certificate 
authentication with RACF. That's not basic authentication, so it 
ostensibly qualifies. It's also widely accepted. Have you considered that 
option?

Or you could adopt a token-based approach. The classic way is forms-based 
authentication, i.e. some application-based mechanism. Another, widely 
accepted choice is OAuth 2.0. However, OAuth 2.0 would require either a 
custom, additional module or an authenticating proxy arrangement of some 
kind. The (non-Apache) mod_oauth2 module code is available here:

https://github.com/zmartzone/mod_oauth2

I have not looked at this code, but there it is.

I'll pause there.

- - - - - - - - - -
Timothy Sipples
I.T. Architect Executive
Digital Asset & Other Industry Solutions
IBM Z & LinuxONE
- - - - - - - - - -
E-Mail: sipp...@sg.ibm.com

----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
