On Tue, 24 Jan 2006, Joshua Slive wrote:
On 1/24/06, Jason Keltz <jas@xxxxxxxxxxx> wrote:You can use <Location /> AuthPAM_Enabled off </Location> in the appropriate <VirtualHost> to override .htaccess.Excellent. That does work. However, the authentication page still comes up requesting a username/password when I attempt to visit the http version of the page. It's just that any username and password will display the "Internal Server Error". Is there any way to make that failure error come up without even displaying the authentication page?Not that I know of.
Joshua,I just realized -- if the user types their name and password, hits enter and gets the "Internal Server Error" page, hasn't their password already been sent in the clear from browser to server? This would defeat the purpose of my intention to only allow PAM authentication via https. Sure, PAM authentication would be off, but the name and password (I think) would still be sent in the clear. Do you or anyone else have any suggestions of how to get around this?
Jason. --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|