Eric,As I mentioned in the original posting, I was hoping to avoid using SSL due to the performance hit that we would take with it. If there is a solution out there (changes to httpd.conf or .htaccess files) that would allow me to pass the encrypted password from the browser to the web server (which would then pass it along to LDAP), that would be perfect. As I understand it, if one uses basic authentication with a .htpasswd file, then the passwords *are* encrypted from the browser to the web server (please tell me if I'm not understanding this correctly). The real question then is: is there something comparable with LDAP authentication? If not, I wonder if there is anything in the works to do that? That is, I did not see an enhancement request in the list for Apache developers, so I'm wondering if one needs to be created if nothing does yet exist to do what I want.
Mark On 9/28/2010 2:16 PM, Eric Covener wrote:
On Tue, Sep 28, 2010 at 2:17 PM, Mark Tischler <mark.tischler@xxxxxxxxxxxxxxxxxx> wrote:Eric, Thanks for this response. Very interesting. I guess that makes it even more desirous to find a solution to the overall problem of authenticating via LDAP in a secure manner... Does anyone have ideas on how to accomplish that?Wrap it in SSL on both ends?
--------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx