My actual reply is stuck in moderation, as I sent it from the wrong address.
Have patience, it'll be there soon enough :) On 01/11/2016 01:21 PM, Tom Browder wrote: > Anyone? > > On Tuesday, January 5, 2016, Tom Browder <tom.brow...@gmail.com > <mailto:tom.brow...@gmail.com>> wrote: > > First, Happy New Year, all! > > My site currently successfully uses client TLS certs. for access to > its private area. I would like to add the capability of a one-time > password sent to the user's e-mail to authenticate the user and then > allow that user access to the private area for a limited time. > > I believe I know how to control the password and session handling, but > how should the directory block in my httpd conf file look? > > My current directory configuration block for TLS only looks like this > (Apache 2.4.16): > > <Directory ~ ".*/public/private"> > SSLOptions +StrictRequire > SSLVerifyClient require > SSLVerifyDepth 1 > # do NOT allow dir listings > Options -Indexes > </Directory> > > Is it possible to allow another authentication method to the above? > > If so, can anyone give me a secure example? > > Thanks so much. > > Best regards, > > -Tom > --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org