diff options
author | http://schmonz.livejournal.com/ <http://schmonz.livejournal.com/@web> | 2008-07-30 01:25:05 -0400 |
---|---|---|
committer | Joey Hess <joey@kitenet.net> | 2008-07-30 01:25:05 -0400 |
commit | dd25c7c4afa8f57e909fed63fb6bcf1648de531b (patch) | |
tree | 4c3d59e2f30bd740924c38bda5b42660f2e70354 /doc/plugins | |
parent | ae04ca55467ff3c672a423caedf0daff5a5a8a47 (diff) |
Diffstat (limited to 'doc/plugins')
-rw-r--r-- | doc/plugins/contrib/unixauth/discussion.mdwn | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/doc/plugins/contrib/unixauth/discussion.mdwn b/doc/plugins/contrib/unixauth/discussion.mdwn index 91c59ff1d..863e3c91a 100644 --- a/doc/plugins/contrib/unixauth/discussion.mdwn +++ b/doc/plugins/contrib/unixauth/discussion.mdwn @@ -20,3 +20,6 @@ Thanks for the comments. That's definitely an undesirable interaction between pw -- [[schmonz]] > Have you considered using [[plugins/httpauth]] and then the appropriate apache module? There are apache modules like [mod_authnz_external](http://unixpapa.com/mod_auth_external.html) that might help. The advantage of these solutions is that they usually make the security implications explicit. -- Will + +Actually, yes. That's how I made sure I had pwauth working to begin with. I'm partial to the form-based approach because I'm not aware of any way to reliably "log out" browsers from HTTP authentication. If that *is* reliably possible, then I worked way too hard for no reason. ;-) +-- [[schmonz]] |