mod_auth_bsd is an Apache module which provides HTTP Basic authentication via the BSD Authentication framework as available in OpenBSD.
|Tags||Internet Web HTTP Servers|
|Operating Systems||POSIX BSD OpenBSD|
Release Notes: This release supports Require group and Require user access directives, even from chroot, using system user databases. An AuthBSDStrictRequire switch was added to force all Require directives to match instead of only one, which is the default behavior for Apache auth modules.
Release Notes: This release supports authentication from a chroot jail. Credential caching was provided along with failure throttling to thwart dictionary attacks.
No changes have been submitted for this release.
Release Notes: This version removes the failure database because of signal issues allowing database corruption (truncated writes). The only practical fix was subject to a race, so this "feature" was removed entirely, and replaced with a simple, required nanosleep to mitigate brute-force attack.
Release Notes: Stricter/safer enforcement of login failure penalties, installation fixups, and a new AuthBSDRequireSSL directive (defaults to On).