Hi,
I use kerberos authentification and I don't want everyone's passwd to
travel plain text across the net. I know I could simply protect
directories by using SSLrequireSSL: but:
-for most of the docs of the site, ssl isn't needed;
-People are allowed to set up their own authentification policies by
using .htaccess files, however, I don't want to rely on them having
thought of using SSLrequireSSL.
So want I want to do, is either:
-discover that miraculously there was an undocumented function called
SSLRequireSSLforAuthentification;
-or have someone nice to tell me wich variable to check to see if SSL is
active (not just enabled: actually being used!) in order to modify
mod_auth_kerb to give an error if trying to authentify without ssl. I am
not brillant at C (although I am shameful not to be), so a full fully
operational expression yielding a boolean would be just great.
Thanks,
Pablo Arrighi.
______________________________________________________________________
Apache Interface to SSLeay (mod_ssl) www.engelschall.com/sw/mod_ssl/
Official Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
