PAM logout
24 views
Skip to first unread message
A
May 25, 2015, 5:18:30 PM5/25/15
to onio...@coralbits.com
Hi,
I am using the onion_handler_auth_pam function to log in to my webapp, but I have not been able to find a way to log out of the PAM session without closing the browser. The PAM authorization window with the user/password prompt only appears once, no matter what session data I clear or delete. I deleted all the cookies as well, and it does not seem to make a difference.
The handlers are
onion_handler *authenticateLoginHandle = onion_handler_new((onion_handler_handler)authenticateLogin, (void*)dirname, NULL);
onion_handler *pamAuthenticatedHandle = onion_handler_auth_pam("login", "login", authenticateLoginHandle);
onion_url_add_handler(webUrl, "@=login", pamAuthenticatedHandle);
Then, the function that is called after the PAM authentication has this signature.
onion_connection_status authenticateLogin(void *data, onion_request *req, onion_response *res)
{
}
My question is, how can i erase the PAM data so that when I go to the "@=login" URL, the authentication window with the user/password appears again. i.e., how do i do the PAM logout?
Thank you.
David Moreno Montero
May 26, 2015, 4:12:19 AM5/26/15
to A, onion-dev
This is like that by the way the basic authentication works on http. this is different than normal login on webpages, where state is stored in a cookie; with this authentication the user and password is sent on every request and remembered by the browser. (https://en.wikipedia.org/wiki/Basic_access_authentication)
Said that, I think you can force the browser to ask the password again giving back a 401 Unauthorized. That should trigger the browser to think you are no longer authorised and ask for credentials again.
Said that, I think you can force the browser to ask the password again giving back a 401 Unauthorized. That should trigger the browser to think you are no longer authorised and ask for credentials again.
Normally everybody wants what normal websites do, login and logout, state with cookies, but that flow has to be manually implemented in onion right now. Check garlic: https://github.com/davidmoreno/garlic, https://github.com/davidmoreno/garlic/blob/master/src/server.cpp#L38
--
You received this message because you are subscribed to the Google Groups "onion-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email to onion-dev+...@coralbits.com.
To post to this group, send email to onio...@coralbits.com.
Visit this group at http://groups.google.com/a/coralbits.com/group/onion-dev/.
For more options, visit https://groups.google.com/a/coralbits.com/d/optout.
--
Reply all
Reply to author
Forward
0 new messages