Authentication over SSL
Russ Allbery
rra at stanford.edu
Mon Sep 8 17:15:05 UTC 2008
Julien ÉLIE <julien at trigofacile.com> writes:
> We would then have to change the meaning of require_ssl. This parameter
> currently tells whether an auth block can be used (it can match a client
> if he uses an encrypted connection).
> Here, we want a parameter to tell whether AUTHINFO USER is allowed on an
> unencrypted connections so the auth block will never match if the client
> is not using SSL. Thus, we will never now if he can use AUTHINFO USER.
But if no auth blocks that accept passwords apply to the current
connection, AUTHINFO USER is not available, yes?
--
Russ Allbery (rra at stanford.edu) <http://www.eyrie.org/~eagle/>
Please send questions to the list rather than mailing me directly.
<http://www.eyrie.org/~eagle/faqs/questions.html> explains why.
More information about the inn-workers
mailing list