Hello everyone!
I've been an auth_pubtkt user since around 2008 and it has always worked extremely well for us. Lately, I've been using version 0.6a on production servers without a glitch.
We are in the process of upgrading our servers, OS, etc. and I am looking at implementing the latest auth_pubtkt version (0.8).
There is one new feature that is of particular interest to us: TKTAuthBadIPURL introduced in version 0.7 and contributed by John Wittkoski. I haven't found any documentation on this new feature.
Our cookie is generated on an https connection and includes the client IP (cip), but the cookie may later be used on regular http (non secure) connections to our different sites. Sometimes - rarely but it happened a couple of times - one of our students in a remote area will be on a proxy for regular http connections and will therefore be asked to log in again because of the different IP then the one stored in cip and because https connections do not usually go through the proxy. The problem we face is that we don't know the IP of the proxy that triggered the redirect to the login page and therefore cannot generate a new cookie using the proxy's IP. I've been doing tests
and tried to pass the "bad" IP in the Apache directive "TKTAuthBadIPURL
https://login.oursite.com/login.php?badip=%{REMOTE_ADDR}", but it does not work; %{REMOTE_ADDR} is passed as text in the URL.
Would there be an easy way to pass the current client IP through the TKTAuthBadIPURL directive? We are still on Apache 2.2.22 but may switch to Apache 2.4.
Thank you in advance!
Claude