Server - RH5 httpd-2.2.3 I have setup a server that uses ssl ldap authentication. This all works fine. I am trying to understand the connection from a client browser to the server. I am sniffing the packets on the server with tcpdump and also have tried wireshark. Since the server is using http not https I assumed that all traffic from the client browser to the server would be in clear text. So, when I connect to the server with the client browser I get the authentication window. I enter a username and passwd. Looking at the traffic on the server I see everything but the username and passwd. I would of thought that it would transmit the username and pass in clear text to the server since it is using http. The web server goes to the ldap server using ssl, so that traffic is encrypted as I expected. I'm just confused as to why the username and pass is not seen when looking at the packets. This is of course good behavior, but I am just trying to understand how it works. It seems that I have done this before with earlier versions and have seen the username and pass. Maybe I'm just remembering this wrong. Anyone know how this works? --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|