Terry Carmen wrote:
Quoting "J.Lance Wilkinson" <jl...@psu.edu>:
> I'm looking for a VERY SIMPLE single value authentication module
(like BASIC
> Authentication, but only a USER ID, no prompt for PASSWORD) for
Apache 2.2.x.
> User IDs that will be used are going to be long numeric transaction ids
> provided by an external e-commerce site.
You'll probably find it much simpler to use the standard basic auth
mechanism, use your transaction id for the login and pass in a dummy
password.
Not sure how I'd "pass in a dummy password." from my HTTPD
to the user's browser.
You could also play with the Require directive.
I would be using Require valid-user or whatever was needed to
force the transaction ID to match what's found in the transaction
ID valid list.
Although I've never tried it, and it seems like a really bad idea, it
will supposedly accept a Boolean expression, so you could try "Require
true" or something similar.
Agreed. Sounds like a bad idea.
In any case, if your transaction IDs can be predicted or brute-forced,
this all sounds like a really bad idea.
I guess an alternative would be to use the transaction ID as the
USER (required unique) and then use as the password the name of
the entity associated with that transaction.
If I don't get any further recommendations for alternatives that
would let me get by with a single input factor, that'll probably
be the best option.
--
J.Lance Wilkinson ("Lance") InterNet: lance.wilkin...@psu.edu
Systems Design Specialist - Lead Phone: (814) 865-4870
Digital Library Technologies FAX: (814) 863-3560
E3 Paterno Library
Penn State University
University Park, PA 16802
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
" from the digest: users-digest-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org
