Dave Carrigan <dave@rudedog.org> [2003:10:04:12:31:02-0700] scribed: > On Sat, Oct 04, 2003 at 12:50:39PM -0500, Michael D Schleif wrote: > > We are working on a web-based application. It will use mod_ssl to > > secure transactions. > > > > We want to limit access to the application. Yes, we have > > username/password authentication; but, we are also considering > > host-based limits. > > > > Can this be done with [mod_]ssl? > > No, but it can be done with apache, which is what I presume you are using. > > > Can access to a website require a certificate on the browser side? > > Yes. > > > If so, please, point me in the right direction (e.g., URL's, documentation, > > applications, &c.) > > http://httpd.apache.org/ What am I missing? I have read this: <http://httpd.apache.org/docs/howto/auth.html> As I responded to Aaron's message, we are looking for some kind of passive authentication, like an SSL Certificate. We do not want to have to rely on humans remembering another username/password, especially since the web application already has that control. We do not want the complications intrinsic to an httpd.conf embedded ACL. I know that I appear to be hung up on SSL Certificates; but, that model appears to meet our needs -- if only I can find the requisite documentation. Yes, two of you have suggested apache.org, and that is helpful. Nevertheless, I have not found what I am looking for on their site. Can you point me to a more specific URL? What do you think? -- Best Regards, mds mds resource 877.596.8237 - Dare to fix things before they break . . . - Our capacity for understanding is inversely proportional to how much we think we know. The more I know, the more I know I don't know . . . --
Attachment:
pgpzVB731ytY2.pgp
Description: PGP signature