I don't know the details and the sysadmin is out of the office today, but I understand that it is basic auth. I think it is fine to disable that option by default and enable it only on a command-line argument. Marc-Andr? Laverdi?re-Papineau Researcher - e-Security Team TCS Innovation Labs On 06/19/2014 02:47 PM, David Woodhouse wrote: > On Thu, 2014-06-19 at 14:33 +0530, Marc-Andr? Laverdi?re wrote: >> FYI, I cloned from the git repo and built it. >> I was able to connect to my VPN through the proxy without any >> glitches. > > I assume that's using Basic authentication? > > I may break that, and require you to explicitly *ask* for Basic auth if > you want it. Sending passwords in the clear is not a good thing. > > I'll probably end up implementing Digest auth too at some point. >
