Eric,
As I mentioned in the original posting, I was hoping to
avoid using SSL due to the performance hit that we would take
with it. If there is a solution out there (changes to
httpd.conf or .htaccess files) that would allow me to pass the
encrypted password from the browser to the web server (which
would then pass it along to LDAP), that would be perfect. As I
understand it, if one uses basic authentication with a .htpasswd
file, then the passwords *are* encrypted from the browser to the
web server (please tell me if I'm not understanding this
correctly). The real question then is: is there something
comparable with LDAP authentication? If not, I wonder if there
is anything in the works to do that? That is, I did not see an
enhancement request in the list for Apache developers, so I'm
wondering if one needs to be created if nothing does yet exist
to do what I want.
Mark
On 9/28/2010 2:16 PM, Eric Covener wrote:
On Tue, Sep 28, 2010 at 2:17 PM, Mark Tischler
<mark.tisch...@alcatel-lucent.com> wrote:
Eric,
Thanks for this response. Very interesting. I guess that makes it even
more desirous to find a solution to the overall problem of authenticating
via LDAP in a secure manner... Does anyone have ideas on how to accomplish
that?
Wrap it in SSL on both ends?
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
" from the digest: users-digest-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org
