I have a patch that allow mod_jk to send a 'secret', the same way as ajp12 works. It seems completely safe and backward compatible. The code to check the secret on java side is also trivial and unlikely to create any problems.
I can check this in in 2-3 days ( I'm in NYC now, not sure I'll be able to) - or wait until after 4.0.2 It doesn't affect backward compat - mod_jk will continue to work with 3.2.x, 3.3, 4.x which do not have this on the java side - as long as the pass is not used. Again, it's something different from the ajp14 auth ( based on md5 and challenge-response ) - it's more of a temporary solution using an extra attribute in ajp13. Let me know what you preffer. Costin -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
