logo
Apache Lounge
Webmasters

 

About Forum Index Downloads Search Register Log in RSS X


Keep Server Online

If you find the Apache Lounge, the downloads and overall help useful, please express your satisfaction with a donation.

or

Bitcoin

A donation makes a contribution towards the costs, the time and effort that's going in this site and building.

Thank You! Steffen

Your donations will help to keep this site alive and well, and continuing building binaries. Apache Lounge is not sponsored.
Post new topic   Forum Index -> Third-party Modules View previous topic :: View next topic
Reply to topic   Topic: one time password with apache
Author
ali_fareed



Joined: 04 Jul 2006
Posts: 61
Location: Bahrain

PostPosted: Sun 23 Jul '06 22:08    Post subject: one time password with apache Reply with quote

I was just wondering is there a one time password module for apache?
Back to top
James Blond
Moderator


Joined: 19 Jan 2006
Posts: 7374
Location: Germany, Next to Hamburg

PostPosted: Mon 24 Jul '06 9:30    Post subject: Reply with quote

What do you mean? Only one time login, and login will stay. Or a temporaily login?

For the only one time login in see http://httpd.apache.org/docs/2.2/mod/mod_authn_file.html

For a temporaily login I would choose a scripting solution.
Back to top
maniac



Joined: 29 Mar 2006
Posts: 31
Location: Ukraine

PostPosted: Mon 24 Jul '06 10:56    Post subject: Reply with quote

think of php sessions and mod_unique_id
Back to top
ali_fareed



Joined: 04 Jul 2006
Posts: 61
Location: Bahrain

PostPosted: Mon 24 Jul '06 21:22    Post subject: Reply with quote

No I mean something like the ones described here
http://en.wikipedia.org/wiki/One-time_passwordI found mod_securid which is a time-synchronized OTP which uses a hardware token that displays a changing number which you enter along with your password the hardware tokens are made by rsa security http://www.rsasecurity.com/.
Back to top
Jorge



Joined: 12 Mar 2006
Posts: 376
Location: Belgium

PostPosted: Mon 24 Jul '06 22:35    Post subject: Reply with quote

let me get this out here (ok I'm a bit sleep deprived so excuse me if i make no sense or totally miss the ball here)

You want the user to enter a username + password
that is static but an aditional random generated rumber?

if that is the case I think scripting is your only option.

Rought draft of what would be needed in such a case:

1) user/pass database (MySQL, encrypte file, ...)
2) a randum stuff generator... this can for example be done by:
3) generating a sha1 has of the currenttime+username+random word of a small dictionary file.

4) the login form with a display block a request to type in the user, pass, and random data

5) username, pass, random data is then saved in a php session variable.
6) check if the users data that comes with every request matches what php expects

7) for saftly let the session self destruct in 7 min after the users last request.

well this is a pseudo layout of what would be needed in such case.

I don't know if a packaged exists that provides this but I'll have a look around. Although i don't think it exists.
Back to top
ali_fareed



Joined: 04 Jul 2006
Posts: 61
Location: Bahrain

PostPosted: Tue 25 Jul '06 1:38    Post subject: Reply with quote

yeah thats exactly what I need.
Back to top
Jorge



Joined: 12 Mar 2006
Posts: 376
Location: Belgium

PostPosted: Tue 25 Jul '06 9:03    Post subject: Reply with quote

Didn't find any module that could do that so a script should be the way to go.

You can do a search on Zend's devekioers pages and on hotscripts.com
I'm sure you'll find something on there.
Back to top


Reply to topic   Topic: one time password with apache View previous topic :: View next topic
Post new topic   Forum Index -> Third-party Modules