Yes, actually there are quite a few ways to authenticate to an Apache server/site.
On this url: http://freeradius.org/mod_auth_radius/ you will find a good explanation of how to set up an Apache website to use something called Radius authentication. There is also Basic (which was already mentioned) along with a few other methods which are typically implemented the same way.
What will happen when you set up this type of authentication is when the user goes to the website, a dialog box will pop up asking for user id and password. Once that is entered the user will have access to that site from then until they close their browser...
| [reply] |
I already don't like the idea of using cgi params or cookies
Cookies are pretty standard. Or you could use HTTP basic authentication.
But if you want to be secure, you'll have to use HTTPS anyway. And then you can client-side SSL certificates for authentication. But be warned, compared to cookies they are a pain to create, set up and maintain.
| [reply] |
| [reply] |
and instead go for digest authentication Hmm, seems to me it is a proposal for an implementation, but there is no actual implementation anywhere -- in other words, unsupported by anthing, ie useless
| [reply] |
unsupported by anthing, ie useless
what do you mean? looks like you are missing the point. The paper says that digest authentication was and is here it just hasn't taken off for usability reasons and suggests how to overcome those so it can be considered as a viable alternative to cookies
on the contrary it is very usefull since you cannot disregard the paper's educational and awarenes raising value by going through the pros and cons of each option which directly answers the OP's question who is looking for those alternatives
| [reply] |
| [reply] |