Logo address

Access Control

2002/02/10

Basic authentication

Plan9 supports basic authentication that is defined in HTTP/1.0.
The merit of basic authentication is simply that it is widely supported because of its simplicity of the mechanism.
On the other hands, basic authentication is weak in network snooping because raw password is transmitted over network.

More secure authentication mechanism, challenge/response, is defined in HTTP/1.1. However it is not supported yet even by major browsers.
Therefore Pegasus does not support challenge/response.

For basic authentication, Pegasus uses authentication server or a file in CPU server. In latter case, Pegasus use MD5 digest.

Related file: /etc/passwd


Access Control based on IP address

Pegasus can control access to the documents using IP of the clients.

Related file: /etc/allow !