httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Joshua Slive <>
Subject Re: [users@httpd] Authentication restriction
Date Tue, 08 Mar 2005 03:02:54 GMT
On Mon, 7 Mar 2005 14:28:49 -0700, Kevin Konowalec
<> wrote:
> Is it possible to restrict AuthTypes based on specific criteria?  Our
> policy has changed such that we are no longer allowing the use of
> Kerberos passwords via non SSL-enabled connections.  So would it be
> possible to only allow users connected via HTTPS to be able to
> authenticate via kerberos (using mod_auth_kerb)?

Sure.  Scope the access restrictions inside the <VirtualHost> section
that applies to SSL requests.  In the non-SSL virtual host section,
either put more stringent requirements, or deny all access, and use an
ErrorDocument to give a helpful error message.


The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:> for more info.
To unsubscribe, e-mail:
   "   from the digest:
For additional commands, e-mail:

View raw message