0
Apache模块auth_tkt
创建身份验证cookie,可以通过密码验证,以便Web服务器无需咨询数据库即可生成REMOTE_USER
。什么是auth_tkt
饼干的规格?什么是auth_tkt cookie格式?
Apache模块auth_tkt
创建身份验证cookie,可以通过密码验证,以便Web服务器无需咨询数据库即可生成REMOTE_USER
。什么是auth_tkt
饼干的规格?什么是auth_tkt cookie格式?
从内http://www.openfusion.com.au/labs/dist/mod_auth_tkt/mod_auth_tkt-2.1.0.tar.gz
Cookie Format
The TKTAuthCookieName cookie is constructed using following algorithm:`
('+' is concatenation operation)
cookie := digest + hextimestamp + user_id + '!' + user_data
or if using tokens:
cookie := digest + hextimestamp + user_id + '!' + token_list + '!' + user_data
digest := MD5(digest0 + key)
digest0 := MD5(iptstamp + key + user_id + '\0' + token_list + '\0' + user_data)
iptstamp is a 8 bytes long byte array, bytes 0-3 are filled with
client's IP address as a binary number in network byte order, bytes
4-7 are filled with timestamp as a binary number in network byte
order.
hextimestamp is 8 character long hexadecimal number expressing
timestamp used in iptstamp.
token_list is an optional comma-separated list of access tokens
for this user. This list is checked if TKTAuthToken is set for a
particular area.
user_data is optional
的自述摘要计算MD5校验和的一个不很-HMAC键与秘密,那么散列票的休息吗? – joeforker 2010-03-31 21:20:40