On Wed, 10 Aug 2005, Didier Wiroth wrote: > Is it possible to use one time passwords with openbsd's httpd?
The problem is that each HTTP request carries a new password - so in the general case you would run through a lot of those in short order. What I've done routinely is have a 'login' on http application level; verify a one time password theren and then issue a string cookie. And then allow access based on the precense of that cookie (and a check that the connection is over SSL, etc). Dw.
