Hi
Just wondering if anyone has run midgard with Apache-ssl and what there experiences are.
We are looking at setting up ssl and I thought I would ask if anyone has any advice on
the easiest way to get midgard pages to be served through ssl. Do most people just use
mod-ssl? Have people set up Aegir to run through ssl because I am wondering about the
passwords for Aegir authentication and the other admin passwords. Without ssl are they
just currently just transmitted in clear text over the web?
mod_ssl works fine, just set the port in Midgard host to 443 (and the neccessary directives in the virtualhost declaration).
of passwords: Aegir uses nemeinauth which is sessions based and very paranoid, naturally on the login the password has to be sent cleartext (it's not actually plain cleartext [if I remember correctly] but close enough) but after that the cookie data is all encrypted. Old admin uses HTTP basic auth which is also cleartext for all pratical purposes.
/Rambo
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
