堆栈内存溢出
  简体   繁体   English

Ubuntu 16.04 Apache2只需要输入一次密码?

[英]Ubuntu 16.04 Apache2 only requires password once?

 原文  2018-04-18 14:20:13       .htaccess/ apache2/ ubuntu-16.04

问题描述

I have a server running, and setup an htaccess file. 我正在运行服务器,并设置了htaccess文件。 Everything works and it does require a password to gain access to the folder I set, but once the password is used, it has never required verification again. 一切正常,并且确实需要输入密码才能访问我设置的文件夹,但是一旦使用了密码,就不再需要再次验证。 Seems insecure, so I'm wondering how to require re-entering a password. 似乎不安全,所以我想知道如何要求重新输入密码。 Like some kind of time-out on the access, but I don't know what to look for, and all I've found is people trying to stop needing a password all the time. 就像访问中的某种超时一样,但是我不知道要寻找什么,我发现所有发现都是人们一直试图不再需要密码。

Please help with either a solution, or point me in the right direction for what I need to be searching for. 请提供解决方案的帮助,或为我要寻找的正确方向指明方向。

I am using ssl, and .httaccess file with basic auth setup in the apache config file. 我在apache配置文件中使用ssl和.httaccess文件进行基本身份验证设置。 

<Directory "/var/www/html">
  AuthType Basic
  AuthName "Restricted Content"
  AuthUserFile /etc/apache2/.htpasswd
  Require valid-user
</Directory>

1 个解决方案

解决方案1
 0  2018-04-18 14:43:37

As I know, apache/HTTP authentication don't gives you control. 据我所知,apache / HTTP身份验证无法控制您。 After first authentication, your server cannot instruct the browser to logout or timeout. 首次身份验证后,您的服务器无法指示浏览器注销或超时。 HTTP authentication does not work with session/cookies and the browser shall continually send authentication credentials. HTTP身份验证不适用于会话/ cookie,浏览器应不断发送身份验证凭据。 To logout you should close the browser. 要注销,您应该关闭浏览器。

looking in Apache webpage: AuthDigestNonceLifetime Directive could be useful the value is in seconds for the time. 在Apache网页上查找: AuthDigestNonceLifetime指令可能有用,该值以秒为单位。 i use 300 here. 我在这里用300。 

<Directory "/var/www/html">
    AuthType Digest
    AuthName "Restricted-Content"
    AuthDigestDomain "http://127.0.1.2"
    AuthDigestProvider file
    AuthUserFile /etc/apache2/.htpasswd         
    AuthDigestNonceLifetime 30          
    Require valid-user
</Directory>

Also you will have to use the htdigest command to generate the .htpasswd file 另外,您还必须使用htdigest命令生成.htpasswd文件 

htdigest -c /etc/apache2/.htpasswd Restricted-Content username

then set the password then set the AuthDigestDomain to your URL or IP 然后设置密码,然后将AuthDigestDomain设置为您的URL或IP

this conffiguration can only work with the degest based authentication. 此配置只能与基于摘要的身份验证一起使用。 although the user must clear their browser cache manually. 尽管用户必须手动清除其浏览器缓存。

but i would recommend you switch to a different method for autentication, unless its the only option for the application 但是我建议您切换到另一种方法来进行验证,除非它是该应用程序的唯一选择

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 ubuntu + apache2 + rvm + passenger + rails上的apache2 .htaccess错误 - apache2 .htaccess error on ubuntu + apache2 + rvm + passenger + rails SSI在Ubuntu 16.04和Apache 2.4.18上不起作用 - SSI Not Working on Ubuntu 16.04 and Apache 2.4.18 在Apache服务器Ubuntu 16.04 LTS中设置子域 - Setup subdomain in Apache server ubuntu 16.04 lts .htaccess文件无法使用apache2在Ubuntu 14.04上运行 - .htaccess file not working on Ubuntu 14.04 with apache2 Ubuntu 14.04 apache2配置问题 - Ubuntu 14.04 apache2 configuration problems HTACCESS Rewrite在Ubuntu 14,Apache2上不起作用 - HTACCESS Rewrite not working on Ubuntu 14, Apache2 使用Apache2在Ubuntu 12.04上启用htaccess错误 - Enable htaccess error on Ubuntu 12.04 with Apache2 在Ubuntu 14.04上的Apache2中设置缓存 - Setting up caching in Apache2 on ubuntu 14.04 在ubuntu中为apache2配置动态子域时出错 - Error in configuring dynamic subdomains for apache2 in ubuntu SSI(Apache)无法在全新的Ubuntu 16.04 VPS上运行 - SSI (Apache) not working on brand new Ubuntu 16.04 VPS
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM