httpd-users mailing list archives

From apa...@buglecreek.com
Subject [users@httpd] Apache ldap authentication and security
Date Thu, 16 Apr 2009 16:24:11 GMT
Server - RH5 httpd-2.2.3

I have set up a server that uses ssl ldap authentication. This all works
fine. I am trying to understand the connection from a client browser to
the server. I am sniffing the packets on the server with tcpdump and
also have tried wireshark. Since the server is using http, not https, I
assumed that all traffic from the client browser to the server would be
in clear text. So, when I connect to the server with the client browser
I get the authentication window. I enter a username and passwd.
Looking at the traffic on the server I see everything but the username
and passwd. I would have thought that it would transmit the username and
pass in clear text to the server since it is using http. The web server
goes to the ldap server using ssl, so that traffic is encrypted as I
expected. I'm just confused as to why the username and pass are not seen
when looking at the packets. This is of course good behavior, but I
am just trying to understand how it works. It seems that I have done
this before with earlier versions and have seen the username and pass.
Maybe I'm just remembering this wrong. Anyone know how this works?
