httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jason Keltz <...@cs.yorku.ca>
Subject Re: [users@httpd] how to enable a module in one virtualhost
Date Wed, 25 Jan 2006 01:55:28 GMT
On Tue, 24 Jan 2006, Joshua Slive wrote:

> On 1/24/06, Jason Keltz <jas@cs.yorku.ca> wrote:
>
>>> You can use
>>>
>>> <Location />
>>> AuthPAM_Enabled off
>>> </Location>
>>>
>>> in the appropriate <VirtualHost> to override .htaccess.
>>
>> Excellent.  That does work.  However, the authentication page still
>> comes up requesting a username/password when I attempt to visit the http
>> version of the page.  It's just that any username and password will
>> display the "Internal Server Error".  Is there any way to make that
>> failure error come up without even displaying the authentication page?
>
> Not that I know of.

Joshua,

I just realized -- if the user types their name and password, hits enter 
and gets the "Internal Server Error" page, hasn't their password already 
been sent in the clear from browser to server?  This would defeat the 
purpose of my intention to only allow PAM authentication via https. 
Sure, PAM authentication would be off, but the name and password (I 
think) would still be sent in the clear.  Do you or anyone else have any 
suggestions of how to get around this?

Jason.


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message