while you're at it you might take a look at the kerberos-like AIS
infrastructure,
which does not at this time use apache extensions at all but which provides
passwordless e-mail-based SSO
over an arbitrarily wide domain.
--
David L Nicol
"It's what God and Dwight Eisenhower intended,
and it's w
Cheers Fellas, this was the bit I was concerned about.
Apache::AuthCookie, looked a little bloated to me,
however I'm a big fan of only inventying new types of
wheels not old so I'll revisit...
Regards
Marty
--- Michael J Schout <[EMAIL PROTECTED]> wrote:
> On Wed, 10 Nov 2004, Skylos wrote:
On Wed, 10 Nov 2004, Skylos wrote:
it could go...
-> GET content from myserver port 80
<- 403 errordocument login form
-> POST credentials to myserver port 443
<- Location http://myserver/content
<- Set-Cookie: ticket=gooduser; Domain=myserver; Path=content;
-> GET content from myserver port 80
<-
Michael, I'm sorry but I don't believe that is correct. Having
recently implimented a Apache::AuthCookie system, I can see a possible
issue with this strategy. Please feel free to enlighten me if I am
full of shit.
First of all, there's nothing stopping you from submitting your login
form to an
Michael wrote on 11/10/04, 4:28 PM:
> > All,
> >
> > I'm about to replace the authentication mechanism that
> > our web site uses. However I wanted to sanity check my
> > thought process.
> >
> > Is it possible to have an Authen handler sitting on
> > certain areas of a site, and if a us
> All,
>
> I'm about to replace the authentication mechanism that
> our web site uses. However I wanted to sanity check my
> thought process.
>
> Is it possible to have an Authen handler sitting on
> certain areas of a site, and if a user isn't logged in
> (i.e. doesn't have an auth session cook
