homepage Welcome to WebmasterWorld Guest from 54.205.59.78
register, free tools, login, search, subscribe, help, library, announcements, recent posts, open posts,
Subscribe to WebmasterWorld
Home / Forums Index / WebmasterWorld / New To Web Development
Forum Library, Charter, Moderators: brotherhood of lan & mack

New To Web Development Forum

    
Kerberos Authentication and Session Cookies? Help!
Help with maintaining credentials
wlerner




msg:3739740
 5:34 pm on Sep 6, 2008 (gmt 0)

I have an Apache 2.0 web server setup as an Intranet for my company. I have a </Directory> container that is setup to authenticate to an Active Directory farm. The I&A works just fine.
However, It is easy to bypass the authentication by just adding one of the directories that is in /var/www/html with a trailing /. For example, in my browser if I enter:

[website...]

I am forced to authenticate.

However, if I enter:

https://website/directory/

I bypass authentication.

I need to have my users perform I&A once, then carry their I&A credentials throughout their browsing session. I am guessing this would require cookies of some sort that contain the I&A information.

If cookies are the solution, then I could use some help setting up Apache to issue cookies for each login. I would then like people to be able to surf the other directories without having to re-authenticate every time they click another link.

Any links, advice, instructions, man pages, would be helpful. I am a novice when it comes to setting up Apache in this way.

Thank you!

 

Global Options:
 top home search open messages active posts  
 

Home / Forums Index / WebmasterWorld / New To Web Development
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About
© Webmaster World 1996-2014 all rights reserved