On Thu, 27 Jan 2005, Graham Leggett wrote:
> Read through the example - it requires a password file, which is redundant > (we already keep track of the user's identity via client cert and CRL, we > don't need to check again in a passwd file). Is there a way around this > limitation? Yes - by adding a module or using the auth_anon module. But this really should be cleaned up :-) and result in a credentials or facts listing passed around with the request - rather than those easily forged headers we add now internally (and the breakage when you do an internal redirect). Dw
