Hi,We use Apache as an authenticating proxy server to allow off-site students to access IP-restricted ejournal sites. They provide their university credentials which are validated by a RADIUS server. (We have mod_auth_radius + Apache 2.0.63.) Callers configure their Web browsers to use a Proxy Auto-Configuration File. This works fine and has done so for many years.
However, there is a concern that the username and password are transmitted in the clear from, typically, the student's home computer to the university's proxy server. We'd like to send these encrypted.
I have tried using an ssl-enabled authenticating proxy server but this confuses the browser as it attempts to talk http to an https server. I have looked at secure tunnelling and also wondered whether or not this could be solved using cookies. I can't see my way to make any progress on this problem. Can anyone comment or advise on the core issue of how one may transmit authenticating information in a secure manner.
Thanks very much. Roy Pearce Enterprise Systems Support Team Computing Systems University of Birmingham UK --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|