In article <> you wrote:
> I use kerberos authentification and I don't want everyone's passwd to
> travel plain text across the net. I know I could simply protect
> directories by using SSLrequireSSL: but:
> -for most of the docs of the site, ssl isn't needed;
> -People are allowed to set up their own authentification policies by
> using .htaccess files, however, I don't want to rely on them having
> thought of using SSLrequireSSL.
> So want I want to do, is either:
> -discover that miraculously there was an undocumented function called
> SSLRequireSSLforAuthentification;
> -or have someone nice to tell me wich variable to check to see if SSL is
> active (not just enabled: actually being used!) in order to modify
> mod_auth_kerb to give an error if trying to authentify without ssl. I am
> not brillant at C (although I am shameful not to be), so a full fully
> operational expression yielding a boolean would be just great.
Already answered in BugDB: "if (r->connection->client->ssl != NULL) ..."
where "r" is the request_rec your auth handler gets from the API.
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
______________________________________________________________________
Apache Interface to SSLeay (mod_ssl) www.engelschall.com/sw/mod_ssl/
Official Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
