non-.htaccess cached authentication recommendation

I'm creating a page into which users will log in. This web server is running on Apache, on a FreeBSD machine. The pages will be created in Perl. I will be authenticating off a remote RADIUS server using Authen::Radius. That's what I'm working with, so these details are not an option.

All of the above I've worked with before, except for the idea of caching an authentication. For example, index.html requests username and password. They log in, and now they are authenticated, and can now view all the rest of the pages and such while still being logged in.

I have used .htaccess for this sort of thing in the past, but this time I will not have a local password database with which to work. I will need to use Authen::Radius for each user authentication attempt, and I'm sort of stumped as to how to let users stay logged in, but if they close the browser, or enough time goes by, they get logged out.

What do folks recommend for this sort of thing? I was assuming it would be cookie based authentication caching. Can anyone think of any examples where the source might be available? Do I need to build a check into every single subsequent page of the website that checks and verifies the cached connection?

I'm afraid I don't know much about authentication, so it's hurting this project.

Thanks.

-Dan
Asked: dgoyette

1 Solution
 
bobsledbob Commented:

> I was assuming it would be cookie based authentication caching.

Well, cookies are one pretty good answer. You can also send / receive the appropriate headers which would generate the 'basic authentication' that .htaccess files would. This is another option. Sorry, I would only be able to give you example code in PHP, not Perl.

> Do I need to build a check into every single subsequent page of the website that checks and verifies the cached connection?

Basically yes. You can be elegant about it (using included files, etc.). You can probably help speed up the RADIUS functions by caching the information somewhere (in a session (implying cookies), a flat file, etc.).


By the way, I believe there is an Apache module called mod_auth_radius that would basically allow you to write .htaccess files (as you're accustomed to), but would then authenticate against your RADIUS server. Check Google.

0
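
An added example, not code from either poster, of the cookie approach discussed in this thread: after one Authen::Radius check at login, the server issues an HMAC-signed, expiring token as a session cookie and verifies it at the top of every protected page. The key, timeout, cookie name and RADIUS host/secret below are assumed placeholder values, and the sub names are hypothetical.

```perl
# Added example: signed, expiring session cookie verified on every page.
use strict;
use warnings;
use Digest::SHA qw(hmac_sha256_hex);

# Assumed placeholder values (not from the thread).
my $KEY  = 'replace-with-long-random-server-side-secret';
my $IDLE = 15 * 60;    # token lifetime in seconds

# Login step: one RADIUS round trip via the poster's Authen::Radius.
sub radius_login {
    my ($user, $pass) = @_;
    require Authen::Radius;    # loaded lazily so the demo below runs without it
    my $r = Authen::Radius->new(Host => 'radius.example.com', Secret => 'shared-secret')
        or return 0;
    return $r->check_pwd($user, $pass) ? 1 : 0;
}

# Token = user|expiry|HMAC(user|expiry). No password is ever stored or cached.
sub mint_token {
    my ($user, $now) = @_;
    die "unsupported username\n" unless $user =~ /\A[\w.\@-]+\z/;   # keeps '|' out
    my $body = join '|', $user, $now + $IDLE;
    return $body . '|' . hmac_sha256_hex($body, $KEY);
}

# Call at the top of every protected page; returns the username or undef.
sub check_token {
    my ($token, $now) = @_;
    my ($user, $exp, $mac) = split /\|/, ($token // ''), 3;
    return undef unless defined $mac && $exp =~ /\A\d+\z/;
    my $want = hmac_sha256_hex("$user|$exp", $KEY);
    return undef unless length($mac) == length($want);
    my $diff = 0;              # compare every character, no early exit
    $diff |= ord(substr $mac, $_, 1) ^ ord(substr $want, $_, 1) for 0 .. length($want) - 1;
    return ($diff || $now > $exp) ? undef : $user;
}

# No Expires/Max-Age attribute, so the browser drops the cookie when it closes.
sub cookie_header { return "Set-Cookie: session=$_[0]; Path=/; HttpOnly; Secure; SameSite=Lax" }

# Constructed demo values: mint at t=1000000, then check three cases.
my $t = mint_token('dan', 1_000_000);
print cookie_header($t), "\n";
print 'fresh:    ', check_token($t, 1_000_060) // 'rejected', "\n";
print 'expired:  ', check_token($t, 1_000_000 + $IDLE + 1) // 'rejected', "\n";
(my $forged = $t) =~ s/^dan/bob/;    # change the user without re-signing
print 'tampered: ', check_token($forged, 1_000_060) // 'rejected', "\n";
```

Putting `mint_token` and `check_token` in a module that every page includes gives the per-page check; re-minting the token on each valid request turns the fixed expiry into an idle timeout.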
