On Mon, 7 Mar 2005 14:28:49 -0700, Kevin Konowalec <kevin.konowalec@xxxxxxxxxxx> wrote: > Is it possible to restrict AuthTypes based on specific criteria? Our > policy has changed such that we are no longer allowing the use of > Kerberos passwords via non SSL-enabled connections. So would it be > possible to only allow users connected via HTTPS to be able to > authenticate via kerberos (using mod_auth_kerb)? Sure. Scope the access restrictions inside the <VirtualHost> section that applies to SSL requests. In the non-SSL virtual host section, either put more stringent requirements, or deny all access, and use an ErrorDocument to give a helpful error message. Joshua. --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|