OpenVMS with Apache, OSU, and WASD

7.2 Authentication

7.2 Authentication

There are several types of authentication available to Web servers. Structurally, they all work the same way. The client requests a resource that has access controls that require authentication; the Web server asks the client to authenticate (by sending it a "401 Authentication Required" header along with a "realm" or "authentication name"). The browser then asks the user for user name and password (typically in a separate small window on graphical browsers) or gets them from some other source Internet Explorer running Windows NT talking to an IIS server in the same Windows domain will pass along your authenticated login name without requiring you to enter it, although that example is irrelevant for a VMS-based server and then assembles a credentials packet, which it sends back to the server. The browser caches the contents of the credentials packet, based on realm and fully qualified server name, so it doesn't have to ask the user over and over again.

Since HTTP is a stateless protocol, the server needs authentication information for each protected page and will ask the browser for it every time. If the browser has the credentials for that realm in its cache, it supplies them.

Unfortunately, there's no way for either the server or the user to tell the browser to forget the credentials it has cached that is, to log out from the session with the server. If you've provided a user name/password to a Web browser at an Internet cafe, you need to shut down the browser...

UNLIMITED FREE
ACCESS
TO THE WORLD'S BEST IDEAS

SUBMIT
Already a GlobalSpec user? Log in.

This is embarrasing...

An error occurred while processing the form. Please try again in a few minutes.

Customize Your GlobalSpec Experience

Category: Computer Terminals
Finish!
Privacy Policy

This is embarrasing...

An error occurred while processing the form. Please try again in a few minutes.