Melanie Pfefer wrote:
hi, Is there a way to avoid putting the user password in clear text? AuthType Basic AuthName "internal users" AuthLDAPBindDN "uk-siroe-com\user" AuthLDAPBindPassword "password"
I don't really know the answer, but does it matter ? 1) the httpd.conf should only be readable by root2) unless I am mistaken, this user-id/password is only used to "bind" (aka log into) the LDAP system in order to look up a real user's id/pw. So it could be a special account that has very little capabilities. 3) there might even exist a way to do an "anonymous bind", if the purpose is just to verify a user-id later.
Specialists correct me if I'm wrong. --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|