Thanks. I found the provided links very helpful. I decided
to file an enhancement request in ASF Bugzilla, given that this
has been complained about for at least 3 years.
Also, thanks to Igor for suggesting Kerberos. I will look into
that.
Mark
On 9/28/2010 6:09 PM, [triplepack] info (i
> Eric,
> Thanks for this response. Very interesting. I guess that
> makes it even more desirous to find a solution to the overall
> problem of authenticating via LDAP in a secure manner... Does
> anyone have ideas on how to accomplish that?
Have you considered Kerberos?
> Mark
/sni
Digest does more then just encrypting the password.
http://en.wikipedia.org/wiki/Digest_access_authentication
and if you have a look at that RFC http://www.ietf.org/rfc/rfc2829.txt
LDAP it self possibly supports already digest-md5.
so really the LDAP auth should support the digest auth by ma
William,
Thanks. There is no way to make Digest authentication work with
LDAP from what I have found/read. But it seems to me that
someone must have already run up against this sometime before
now. Is my understanding correct that one can use Digest
authentication to encrypt the password
On 9/24/2010 4:28 PM, Mark Tischler wrote:
> I have been looking through a lot of documentation on this subject, both on
> apache.org
> and elsewhere, and I can't seem to find an answer to the following question:
>
> Our Apache web server (version 2.2.11 running on Solaris 10) is currently
> au
Eric,
As I mentioned in the original posting, I was hoping to
avoid using SSL due to the performance hit that we would take
with it. If there is a solution out there (changes to
httpd.conf or .htaccess files) that would allow me to pass the
encrypted password from the browser to the web
On Tue, Sep 28, 2010 at 2:17 PM, Mark Tischler
wrote:
> Eric,
> Thanks for this response. Very interesting. I guess that makes it even
> more desirous to find a solution to the overall problem of authenticating
> via LDAP in a secure manner... Does anyone have ideas on how to accomplish
> t
Eric,
Thanks for this response. Very interesting. I guess that
makes it even more desirous to find a solution to the overall
problem of authenticating via LDAP in a secure manner... Does
anyone have ideas on how to accomplish that?
Mark
On 9/24/2010 4:28 PM, Mark Tischler wrote:
I h
> I understand that I could force the users to use an https URL instead of an
> http URL, but that seems like it would be overkill. If that is the only
> solution to this issue, then we would really want the user to authenticate
> over https, but then fall back to http for all of the rest of the
>
I have been looking through a lot of documentation on this
subject, both on apache.org and elsewhere, and I can't seem to
find an answer to the following question:
Our Apache web server (version 2.2.11 running on Solaris 10) is
currently authenticating users via LDAP successfully. But, we
w
10 matches
Mail list logo
