On Tue, 2003-03-04 at 12:00, Alan DeKok wrote:
> Josh Howlett <[EMAIL PROTECTED]> wrote:
> > To clarify, I want users to authenticate via HTTP via mod_auth_radius
> > against a remote RADIUS server without the intermediate WWW server (or,
> > for that matter, anything else) gaining knowledge of the user's
> > password.
> > 
> > Assuming mod_auth_radius implemented digest authentication, is this a
> > workable solution?
> 
>   Yes.  And it shouldn't be too hard to do, either.  Take entries from
> Apache's data structures, pack them into a RADIUS packet, and fire it
> off.

Interesting.

Assume that there was a mechanism to send the cookie generated by
mod_auth_radius to the remote RADIUS server where it could be stored
(for the lifetime of the cookie).

Assume also that there existed an "rlm_cookie" authentication module on
that remote RADIUS server that allows the RADIUS server to authenticate
a user on the basis of a cookie.

In this hypothetical case, would it be feasible for a user to present
the same cookie to a different WWW server, which could then attempt to
authenticate the user by passing the cookie to the remote RADIUS
server?  (i.e. thereby avoiding the need for the user to present his
credentials again - the idea being to enable single sign-on).

Is this idea crack-pot or simply brain-dead?

josh.

-- 
-----------------------------------------------------------
Josh Howlett, Networking & Digital Communications,
Information Systems & Computing, University of Bristol, U.K.
'phone: 0117 928 7850 email: [EMAIL PROTECTED]
------------------------------------------------------------

List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
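
Added example, not part of the original message and not code from mod_auth_radius or FreeRADIUS: a Python sketch of the digest flow discussed above, in which the WWW server only relays the fields of the browser's Authorization header and the RADIUS side checks them against a stored H(A1). All function names are hypothetical; the sample values are the worked example from RFC 2617.

```python
import hashlib
import hmac

def md5_hex(text):
    return hashlib.md5(text.encode("utf-8")).hexdigest()

def compute_response(ha1, method, f):
    """RFC 2617 request-digest for qop=auth."""
    ha2 = md5_hex(f"{method}:{f['uri']}")
    return md5_hex(f"{ha1}:{f['nonce']}:{f['nc']}:{f['cnonce']}:{f['qop']}:{ha2}")

def browser_authorization(username, password, method, challenge, uri, nc, cnonce):
    """Browser side: the password is hashed here and is never sent."""
    fields = {"username": username, "realm": challenge["realm"],
              "nonce": challenge["nonce"], "uri": uri,
              "qop": "auth", "nc": nc, "cnonce": cnonce}
    ha1 = md5_hex(f"{username}:{challenge['realm']}:{password}")
    fields["response"] = compute_response(ha1, method, fields)
    return fields

def web_server_relay(method, auth_fields):
    """WWW server: copies the parsed header fields into the request it
    sends on (assumed here to be a plain dict, not a real RADIUS packet)."""
    return {"method": method, **auth_fields}

def radius_verify(ha1_store, request):
    """RADIUS side: recompute the digest from the stored H(A1) and compare."""
    ha1 = ha1_store.get((request["username"], request["realm"]))
    if ha1 is None:
        return False
    expected = compute_response(ha1, request["method"], request)
    return hmac.compare_digest(expected, request["response"])

# Sample data taken from the RFC 2617 worked example.
CHALLENGE = {"realm": "testrealm@host.com",
             "nonce": "dcd98b7102dd2f0e8b11d0f600bfb0c093"}
HA1_STORE = {("Mufasa", "testrealm@host.com"):
             md5_hex("Mufasa:testrealm@host.com:Circle Of Life")}

def demo():
    auth = browser_authorization("Mufasa", "Circle Of Life", "GET", CHALLENGE,
                                 "/dir/index.html", "00000001", "0a4f113b")
    relayed = web_server_relay("GET", auth)
    return relayed, radius_verify(HA1_STORE, relayed)

if __name__ == "__main__":
    relayed, ok = demo()
    print(relayed["response"], ok)
```

The sketch does not check nonce freshness or the nc counter; whichever side issues the nonce has to do that to reject replayed headers.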