httpd-dev mailing list archives

From Eric Covener <>
Subject thoughts on authnz_ldap stashing the basic auth password in per-request conf?
Date Sat, 29 May 2010 20:32:14 GMT
Would it be too offensive if mod_authnz_ldap stashed away the user's
basic auth password in its own per-request config after it
successfully authenticates, then used it later during authorization?
It is floating around base64'ed anyway, but it still sounds unsavory.

There are some cases where at authorization time, if LDAP was also the
authentication source, the user's credentials could be used against the
backend instead of hard-coded server credentials (this non-anonymous,
no-hard-coded BindDN/BindPassword config is requested every now and

Eric Covener
