On Fri, May 04, 2012 at 11:17:58PM -0400, Nico Kadel-Garcia wrote:
> Now, all that said: I *loathe* HTTP/HTTPS password based access, because
> there is no way to prevent your clients from storing passwords locally on
> Linux or UNIX hosts. They don't *have* to use the kwallet or gnome-keyring
> tools, and you can't make them without snooping on them all the time.

There are more authentication options available in httpd than just BasicAuth. Some are single sign-on solutions and don't require any password at all. Kerberos and SSPI, for example. If httpd admins configure the server with one of these authentication options, no password will ever be stored. Alas, whether you can use these options depends on the existing infrastructure -- same story with SSH though.
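
As an added illustration (not part of the original message), here is the contrast the reply describes as an httpd configuration: a Basic-auth location beside a Kerberos one using mod_auth_kerb with password fallback disabled. The location paths, realm name, and file paths are placeholders, and the sketch assumes mod_auth_kerb is loaded and a service keytab for the HTTP principal already exists.

```apache
# Added example; locations, realm and file paths are placeholders.

# Before: Basic authentication. The client transmits a password with
# every request, so nothing stops the client from caching it locally.
<Location "/repos-basic">
    AuthType Basic
    AuthName "Repository"
    AuthBasicProvider file
    AuthUserFile "/etc/httpd/conf/htpasswd"
    Require valid-user
</Location>

# After: Kerberos single sign-on via mod_auth_kerb.
<Location "/repos">
    AuthType Kerberos
    AuthName "Repository"
    KrbAuthRealms EXAMPLE.COM
    KrbServiceName HTTP
    Krb5Keytab "/etc/httpd/conf/http.keytab"
    # Accept Negotiate (SPNEGO) tickets from the user's existing
    # Kerberos credential cache.
    KrbMethodNegotiate On
    # Do not fall back to asking for the Kerberos password over Basic.
    # With this set to On, a password would again cross the wire and
    # could be stored by the client.
    KrbMethodK5Passwd Off
    Require valid-user
</Location>
```

With `KrbMethodK5Passwd Off`, a client without a valid ticket is refused rather than prompted, so the server never handles a password for this location.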