httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Joshua Slive <jsl...@gmail.com>
Subject Re: [users@httpd] Authentication restriction
Date Tue, 08 Mar 2005 03:02:54 GMT
On Mon, 7 Mar 2005 14:28:49 -0700, Kevin Konowalec
<kevin.konowalec@ualberta.ca> wrote:
> Is it possible to restrict AuthTypes based on specific criteria?  Our
> policy has changed such that we are no longer allowing the use of
> Kerberos passwords via non SSL-enabled connections.  So would it be
> possible to only allow users connected via HTTPS to be able to
> authenticate via kerberos (using mod_auth_kerb)?

Sure.  Scope the access restrictions inside the <VirtualHost> section
that applies to SSL requests.  In the non-SSL virtual host section,
either put more stringent requirements, or deny all access, and use an
ErrorDocument to give a helpful error message.

Joshua.

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message