On 3/1/06, Nick Kew <nick@xxxxxxxxxxxx> wrote: > On Tuesday 28 February 2006 21:40, Jesper Krogh wrote: > > Is it possible to make apache match the username "case-insensitive" > > against lists in AuthUserFile /AuthGroupFile? > > That would potentially be a security hole. Yes if it could be done without people knowing it. If it were configurable, it would be a feature :-) If I didn't explain the problem well enough, then an example would work: I just would like apache to assume that Jesper, JESPER, jesper, and so on, was the same user when matching up agaings the lists. > > We're using mod_ntlm and it generally works fine, but the different > > platforms tend to send usernames in mixed cases. > > Hmmm. Don't you get that behaviour if you use a case-insensitive filesystem? No. That would give me flexibillity in the names of the files containing the user-list, not the usernames. I have got the mod_ntlm C-code, so if anyone could give me directions on how to modify the REMOTE_USER stuff from a C-apache module, then I could probably do it that way. Jesper --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|