AuthLDAPBindPasswordThis is a discussion on AuthLDAPBindPassword within the Apache forums in Application Servers & Tools category; hi, Is there a way to avoid putting the user password in clear text? AuthType Basic AuthName "internal users" AuthLDAPBindDN "uk-siroe-com\user" AuthLDAPBindPassword "password" thank you __________________________________________________ ________ Not happy with your email address?. Get the one you really want- millions of new email addresses available now at Yahoo! http://uk.docs.yahoo.com/ymail/new.html --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org " from the digest: users-digest-unsubscribe@httpd.apache.org For additional commands, e-mail: users-help@httpd.apache.org... | ||||||||
| | ||||||||
| ||||||||
| Register | FAQ | Calendar | Search | Today's Posts | Mark Forums Read |
|
#1
07-22-2008, 11:34 AM
| |||
| |||
 AuthLDAPBindPassword hi, Is there a way to avoid putting the user password in clear text? AuthType Basic AuthName "internal users" AuthLDAPBindDN "uk-siroe-com\user" AuthLDAPBindPassword "password" thank you __________________________________________________ ________ Not happy with your email address?. Get the one you really want- millions of new email addresses available now at Yahoo! http://uk.docs.yahoo.com/ymail/new.html --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org " from the digest: users-digest-unsubscribe@httpd.apache.org For additional commands, e-mail: users-help@httpd.apache.org  |
|
#2
07-22-2008, 02:20 PM
| |||
| |||
| Re: AuthLDAPBindPassword Melanie Pfefer wrote: > hi, > > Is there a way to avoid putting the user password in clear text? > > AuthType Basic > AuthName "internal users" > AuthLDAPBindDN "uk-siroe-com\user" > AuthLDAPBindPassword "password" > I don't really know the answer, but does it matter ? 1) the httpd.conf should only be readable by root 2) unless I am mistaken, this user-id/password is only used to "bind" (aka log into) the LDAP system in order to look up a real user's id/pw. So it could be a special account that has very little capabilities. 3) there might even exist a way to do an "anonymous bind", if the purpose is just to verify a user-id later. Specialists correct me if I'm wrong. --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org " from the digest: users-digest-unsubscribe@httpd.apache.org For additional commands, e-mail: users-help@httpd.apache.org |
 |
| Thread Tools | |
| Display Modes | |
Linear Mode
