httpd-users mailing list archives

From Eric Covener <cove...@gmail.com>
Subject Re: [users@httpd] Followup to [Bug 50028] (LDAP authentication with encrypted passwords)
Date Thu, 28 Mar 2013 23:11:37 GMT
On Thu, Mar 28, 2013 at 5:33 PM, Ken Nishimura
<ken_nishimura@agilent.com> wrote:
> Basically, using the mod_auth_ldap module, apart from using SSL (and
> associated overhead), is it still the case that there is no way to encrypt
> just the passing of username and password from the client (browser) back to
> the server?
>
> As others have pointed out, SSL is a fallback, but with associated overhead.
> Has this been fixed in later versions of Apache?

mod_authnz_ldap requires HTTP Basic Authentication, which doesn't have
any provision to encrypt the password separately from the rest of the
connection.

mod_authnz_ldap doesn't work with Digest authentication -- I don't think it can.

What does your client support that would need a "fixed" mod_authnz_ldap?

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

