DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT <http://nagoya.apache.org/bugzilla/show_bug.cgi?id=19502>. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND INSERTED IN THE BUG DATABASE.
http://nagoya.apache.org/bugzilla/show_bug.cgi?id=19502 Cannot tell how my password is being authenticated Summary: Cannot tell how my password is being authenticated Product: Apache httpd-1.3 Version: 1.3.23 Platform: All OS/Version: Linux Status: NEW Severity: Enhancement Priority: Other Component: Auth/Access AssignedTo: [email protected] ReportedBy: [EMAIL PROTECTED] My university allows students to create pages that can be restricted so that only registered students can view the page (the Apache server can be set to use authentication over kerberos). They also offer the web page authors the ability to deliver pages over a secure sockets layer (https) connection. Together these two facilities allow authors to make pages that I am happy to view using my university login. The users can also cause my browser to prompt me for a password using basic or digest autentication and there is no way for me to know which it is. The problem is that I do not trust the users who make the web pages and the authentication method determines whether or not they can see my password. I would like the httpd to have a configuration option that appends to the realm 'Kerberos: ' if that method of authentication is used and something like 'Not Kerberos: ', 'Basic: ' or 'Digest: ' if one of the other methods is used. I can then enter my password knowing that the author of the page does not see my authentication secret. --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
