httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Eric Covener <cove...@gmail.com>
Subject Re: [users@httpd] Apache ldap authentication and secrurity
Date Thu, 16 Apr 2009 17:13:07 GMT
On Thu, Apr 16, 2009 at 12:24 PM,  <apache@buglecreek.com> wrote:
> Server - RH5 httpd-2.2.3
>
> I have setup a server that uses ssl ldap authentication.  This all works
> fine.  I am trying to understand the connection from a client browser to
> the server.  I am sniffing the packets on the server with tcpdump and
> also have tried wireshark. Since the server is using http not https I
> assumed that all traffic from the client browser to the server would be
> in clear text.  So, when I connect to the server with the client browser
> I get the authentication window.  I enter a username and passwd.
> Looking at the traffic on the server I see everything but the username
> and passwd

It's base64-encoded in the Authorization request header.

-- 
Eric Covener
covener@gmail.com

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message