s/key authentication for Apache on FreeBSD?
Brett Glass
brett at lariat.org
Wed Dec 10 11:49:14 PST 2003
At 07:39 AM 12/10/2003, Kyle Amon wrote:
>It sounds like you're going all crazy here.
It does?
> Unfortunately, what you've
>written to describe your requirement is not very precise. Assuming you
>are not concerned about "keystroke loggers"
You must have misunderstood my message: This is EXACTLY what the owner is
concerned about. Encrypting the content is not as important as preventing
unfettered future access via a password stolen by sniffing either the
network or the keyboard. Thus, SSL -- while it might be nice -- is optional.
What's needed is one-time passwords for "basic" authentication in Apache.
--Brett Glass
More information about the freebsd-security
mailing list