Re: Authentication in Mosaic

Ari Luotonen (luotonen@ptsun00.cern.ch)
Wed, 12 Jan 94 10:15:39 +0100


> Some quick questions on the authentication mechanism, at least as
> implemented in Mosaic 2.x. I can't seem to find any specific
> documentation on this subject.

Mosaic uses libwww authentication code, documented in

http://info.cern.ch/hypertext/WWW/AccessAuthorization/Overview.html

What you need to read is the page:

http://info.cern.ch/hypertext/WWW/AccessAuthorization/Browser.html

> Does Mosaic 2.x ever stop sending the authentication fields
> to a server, i.e., is the only way to ensure that a session
> is closed to close the window?

For that server to directories that are protected -- no, it won't
stop. AA info is only lost when exiting Mosaic, otherwise it's
cached globally (so exiting one window won't lose it -- this is
how it was designed to work, to minimize the amount of wasted time
in typing in usernames and passwords).

Important note: username and password for a given server are NEVER
sent to any other server, so you don't need to worry about your
authentication info going to vicious servers and their maintainers.

> Secondly, how many different servers can Mosaic 2.x authenticate
> to within the same window/process? Is it greater than 1?

Unlimited number of servers/process. Windows have nothing to do
with authentication.

-- Cheers, Ari --