2

As part of the security policy we are upgrading our systems to comply with, I need to set our Apache LDAP Auth to have an idle-timeout of 15 minutes.

I.e., if the user stops using the system for over 15 minutes, the next time they go to use it they will need to re-authenticate.

Is this even possible? If so, how can I achieve it?

My auth config in my .htaccess file looks like this:

AuthName "AD Authentication"
AuthType Basic
AuthBasicProvider ldap
AuthLDAPUrl "URL"
AuthLDAPBindDN "DN"
AuthLDAPBindPassword "PASSWORD"
AuthzLDAPAuthoritative Off
require valid-user

Any ideas?

3 Answers

5

Unfortunately, basic authentication is not session-aware in any way. From the web server's perspective, they're actually forced to re-authenticate with every single request.

However, all browsers cache the credentials used for a basic auth connection, so that you don't need to re-enter credentials for every resource loaded from the server. The issue that this creates in your situation is that there's no way to 'expire' that data from the client browser; it keeps it as long as it wants.

To implement session timeouts, you may be stuck moving away from basic auth and toward a session-aware application.

Shane Madden
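One session-aware setup that gives the 15-minute idle timeout asked about, as an added example that is not part of the original answer. It assumes Apache httpd 2.4 with mod_auth_form and the mod_session modules; the login page path, cookie name and passphrase are placeholders.

```apache
# .htaccess replacement for the Basic-auth config in the question.
# Assumes httpd 2.4 with mod_auth_form, mod_request, mod_session,
# mod_session_cookie, mod_session_crypto and mod_authnz_ldap loaded,
# and AllowOverride AuthConfig FileInfo for this directory.

# Form login instead of "AuthType Basic": the browser holds only a
# session cookie, not cached credentials it resends indefinitely.
AuthType form
AuthName "AD Authentication"
AuthFormProvider ldap
AuthLDAPURL "URL"
AuthLDAPBindDN "DN"
AuthLDAPBindPassword "PASSWORD"
# AuthzLDAPAuthoritative (httpd 2.2) is left out: it was removed in 2.4.
Require valid-user

# Unauthenticated requests get the login form. The page (placeholder
# path) must be served from a location that does not require auth and
# must POST the fields httpd_username and httpd_password.
ErrorDocument 401 "/public/login.html"

# Server-issued session, stored in an encrypted cookie.
Session On
SessionCookieName session path=/;httponly;secure
SessionCryptoPassphrase "REPLACE-WITH-LONG-RANDOM-SECRET"

# 900 seconds = 15 minutes. Per the mod_session documentation the limit
# is reset whenever the session is saved, so a session that sees no
# request for 15 minutes expires and the user must log in again.
SessionMaxAge 900
```

Serve this over HTTPS only: the login form posts the AD password, and the `secure` cookie attribute keeps the session cookie off plain HTTP.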
0

A way to manually tell the browser to forget current credentials is to open the current address with another/invalid user.

http://testuser@www.mypage.com
chutz
Skarllot
-1

Try instructions from this site: http://search.cpan.org/~ksolomko/Apache2-AuthCookieLDAP-1.14/lib/Apache2/AuthCookieLDAP.pm