On Thu, 27 Jan 2005, Jim Jagielski wrote:
> As you know, all FakeBasicAuth is "preload" the auth info; it still > requires that authentication itself take place. So the way around it is > to enable anon auth which accepts "anything" as valid. Of course, that's > not too secure. So some sort of special purpose auth module, which is > FakeBasicAuth awareish is required. Right you -really- want to also have an SSLRequire in place ! or alternatively we have a small module in the company which simply filles out the c->user from the the SSL env() info - whcih sometimes is needed when there is a rewrite/internal_redirect causing the Auth header to go awol.. Dw
