Hi folks, I have a simple mod_authnz_ldap setup which grants access to a valid Domain User to the u1 location. <Location /u1/> AuthType Basic AuthBasicProvider ldap AuthzLDAPAuthoritative off AuthUserFile /dev/null AuthLDAPBindDN "ADC\\apacheuser" AuthLDAPBindPassword apachepass AuthLDAPUrl ldap://adc.example.net:389/DC=adc,DC=example,DC=net?sAMAccountName AuthName "Authorization required" require valid-user </Location> Everything is fine and works as expected, however I much prefer to have the 'Authorization: Basic YXBhY2hldXNlcjphcGFjaGVwYXNz' header encrypted and not available to a var such as $_SERVER["PHP_AUTH_PW"] in PHP while not harming the ldap functionality. SSL is little help as the var is still plainly available in code. Do you reckon there is a work around for this, i.e. w/ mod Digest or other means? Many thanks, -JE
|