Linux - SecurityThis forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
On domain one I have a password protected section, users log in to this section by a username and password. In this section is a particular page with downloadable stuff on it.
On domain two I also have a protected section, after users have logged in onto this domain I want them to be able to click a link and have access to the particular page on domain one, without the need to verificate themselves once again.
Basically I need to have the .htaccess on domain one configured to that it alows access from domain2.com/page.html
Add their user and password created in the domain one's htpasswd file possibly? I'm not sure if this would work as I don't or have never set something like this up myself.
I don't think this will work due to the security restrictions on the browsers. They will only sned your username and passwords to hosts that you say it is ok to authenticate to. Imagine that the first page on my site running a custom web server asked you for a username and password and your browser just sent the last one that it used.
If you write the pages with perl or php you could check the referer information but I think that is all.
You might be able to get it working using the Apache modules mod_rewrite or mod_auth_cache. Personally I would go with mod_auth_cache, as mod_rewrite can be a real resource hog. Check out the mod_auth_cache home page at sourceforge:
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.