On Thu, Mar 28, 2013 at 5:33 PM, Ken Nishimura <ken_nishimura@xxxxxxxxxxx> wrote: > Basically, using the mod_auth_ldap module, apart from using SSL (and > associated overhead), is it still the case that there is no way to encrypt > just the passing of username and password from the client (browser) back to > the server? > > As others have pointed out, SSL is a fallback, but with associated overhead. > Has this been fixed in later versions of Apache? mod_authnz_ldap requires HTTP Basic Authentication, which doesn't have any provision to encrypt the password separately from the rest of the connection. mod_authnz_ldap doesn't work with Digest authentication -- I don't think it can. What does your client support that would need a "fixed" mod_authnz_ldap? --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|