On Tue, 24 Jan 2006, Joshua Slive wrote:
On 1/24/06, Jason Keltz <[EMAIL PROTECTED]> wrote:
You can use
<Location />
AuthPAM_Enabled off
</Location>
in the appropriate <VirtualHost> to override .htaccess.
Excellent. That does work. However, the authentication page still
comes up requesting a username/password when I attempt to visit the http
version of the page. It's just that any username and password will
display the "Internal Server Error". Is there any way to make that
failure error come up without even displaying the authentication page?
Not that I know of.
Joshua,
I just realized -- if the user types their name and password, hits enter
and gets the "Internal Server Error" page, hasn't their password already
been sent in the clear from browser to server? This would defeat the
purpose of my intention to only allow PAM authentication via https.
Sure, PAM authentication would be off, but the name and password (I
think) would still be sent in the clear. Do you or anyone else have any
suggestions of how to get around this?
Jason.
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
" from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
