|
Home > Archive > Apache Server configuration support > July 2007 > Configuring Apache access control
You are viewing an archived Text-only version of the thread.
To view this thread in it's original format and/or if you want to reply to
this thread please [click here]
| Author |
Configuring Apache access control
|
|
| Yuri Shtil 2007-07-26, 1:23 pm |
| I have the following entry in my http.conf:
#-------------
<Location /newkr>
SSLVerifyClient require
SSLVerifyDepth 1
AuthName SOME
AuthType Basic
AuthBasicProvider ldap
AuthUserFile nul
AuthLDAPUrl "ldap://ldap.bla.com/ou=People, o=bla.com" TLS
AuthzLDAPAuthoritative off
require valid-user
</Location>
#------------------
The authentication works fine, BUT the browser (IE7) prompts for the
user name and password with the following warning:
Warning: This server is requesting that your username and password be
sent in an insecure manner (basic authentication without a secure
connection).
It looks like then traffic between the browser and Apache is not
encrypted and the password can be intercepted.
Any idea how to configure to prevent this? The apache doc only says: use
SSL, but how?
| |
| SnowBlind 2007-07-26, 7:22 pm |
| On Thu, 26 Jul 2007 09:17:59 -0700, Yuri Shtil <yshtil@cisco.com>
wrote:
AuthType Basic seems to be the issue here,
since it is not encrypted and the server tells you so.
Look at
http://httpd.apache.org/docs/2.0/ssl/ssl_howto.html
Which I think covers your issue.
|
|
|
|
|