Welcome to WebmasterWorld Guest from 50.19.0.90

Forum Moderators: brotherhood of lan & mack

Message Too Old, No Replies

Kerberos Authentication and Session Cookies? Help!

Help with maintaining credentials

     
5:34 pm on Sep 6, 2008 (gmt 0)

New User

5+ Year Member

joined:Sept 6, 2008
posts: 1
votes: 0


I have an Apache 2.0 web server setup as an Intranet for my company. I have a </Directory> container that is setup to authenticate to an Active Directory farm. The I&A works just fine.
However, It is easy to bypass the authentication by just adding one of the directories that is in /var/www/html with a trailing /. For example, in my browser if I enter:

[website...]

I am forced to authenticate.

However, if I enter:

[website...]

I bypass authentication.

I need to have my users perform I&A once, then carry their I&A credentials throughout their browsing session. I am guessing this would require cookies of some sort that contain the I&A information.

If cookies are the solution, then I could use some help setting up Apache to issue cookies for each login. I would then like people to be able to surf the other directories without having to re-authenticate every time they click another link.

Any links, advice, instructions, man pages, would be helpful. I am a novice when it comes to setting up Apache in this way.

Thank you!

 

Join The Conversation

Moderators and Top Contributors

Hot Threads This Week

Featured Threads

Free SEO Tools

Hire Expert Members