Re: Authentication in Mosaic

• Mail folder: WWW Talk Jan 94-present
• Next message: Dave_Raggett: "RE: Whitespace"
• Previous message: Mitchell N Charity: "A note on naming www services"
• In-reply-to: rhb@hotsand.att.com: "Authentication in Mosaic"

From: luotonen@ptsun00.cern.ch (Ari Luotonen)
Date: Wed, 12 Jan 94 10:15:39 +0100
Message-id: <9401120915.AA06381@ptsun03.cern.ch>
To: rhb@hotsand.att.com, www-talk@www0.cern.ch
Subject: Re: Authentication in Mosaic
Content-Length: 1294

> Some quick questions on the authentication mechanism, at least as
> implemented in Mosaic 2.x.  I can't seem to find any specific 
> documentation on this subject.

Mosaic uses libwww authentication code, documented in

	http://info.cern.ch/hypertext/WWW/AccessAuthorization/Overview.html

What you need to read is the page:

	http://info.cern.ch/hypertext/WWW/AccessAuthorization/Browser.html


> Does Mosaic 2.x ever stop sending the authentication fields
> to a server,  i.e., is the only way to ensure that a session
> is closed to close the window?

For that server to directories that are protected -- no, it won't
stop.  AA info is only lost when exiting Mosaic, otherwise it's
cached globally (so exiting one window won't lose it -- this is
how it was designed to work, to minimize the amount of wasted time
in typing in usernames and passwords).

Important note: username and password for a given server are NEVER
sent to any other server, so you don't need to worry about your
authentication info going to vicious servers and their maintainers.


> Secondly, how many different servers can Mosaic 2.x authenticate
> to within the same window/process?  Is it greater than 1?

Unlimited number of servers/process.  Windows have nothing to do
with authentication.

-- Cheers, Ari --