httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Dirk-Willem van Gulik <di...@webweaving.org>
Subject Re: FakeBasicAuth - a howto anywhere?
Date Thu, 27 Jan 2005 17:18:27 GMT


On Thu, 27 Jan 2005, Graham Leggett wrote:

> Read through the example - it requires a password file, which is redundant
> (we already keep track of the user's identity via client cert and CRL, we
> don't need to check again in a passwd file). Is there a way around this
> limitation?

Yes - by adding a module or using the auth_anon module. But this really
should be cleaned up :-) and result in a credentials or facts listing
passed around with the request - rather than those easily forged headers
we add now internally (and the breakage when you do an internal redirect).

Dw

Mime
View raw message