Hi,
We use Apache as an authenticating proxy server to allow off-site
students to access IP-restricted ejournal sites. They provide their
university credentials which are validated by a RADIUS server. (We have
mod_auth_radius + Apache 2.0.63.) Callers configure their Web browsers
to use a Proxy Auto-Configuration File. This works fine and has done so
for many years.
However, there is a concern that the username and password are
transmitted in the clear from, typically, the student's home computer to
the university's proxy server. We'd like to send these encrypted.
I have tried using an ssl-enabled authenticating proxy server but this
confuses the browser as it attempts to talk http to an https server.
I have looked at secure tunnelling and also wondered whether or not this
could be solved using cookies. I can't see my way to make any progress
on this problem. Can anyone comment or advise on the core issue of how
one may transmit authenticating information in a secure manner.
Thanks very much.
Roy Pearce
Enterprise Systems Support Team
Computing Systems
University of Birmingham
UK
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
" from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]