httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Eric Covener <>
Subject Re: [users@httpd] Apache ldap authentication and secrurity
Date Thu, 16 Apr 2009 17:13:07 GMT
On Thu, Apr 16, 2009 at 12:24 PM,  <> wrote:
> Server - RH5 httpd-2.2.3
> I have setup a server that uses ssl ldap authentication.  This all works
> fine.  I am trying to understand the connection from a client browser to
> the server.  I am sniffing the packets on the server with tcpdump and
> also have tried wireshark. Since the server is using http not https I
> assumed that all traffic from the client browser to the server would be
> in clear text.  So, when I connect to the server with the client browser
> I get the authentication window.  I enter a username and passwd.
> Looking at the traffic on the server I see everything but the username
> and passwd

It's base64-encoded in the Authorization request header.

Eric Covener

The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:> for more info.
To unsubscribe, e-mail:
   "   from the digest:
For additional commands, e-mail:

View raw message