[rt-users] LDAP Authentication, Redux

[Les Mikesell]

> From: rt-users-admin at lists.fsck.com

> JG> Only problem with basic auth, to my knowledge, is that anyone with a 
> JG> sniffer watching long enough will be able to grab passwords since with 
> JG> basic auth they are sent as plain text.
> 
> SSL, man, SSL!

And the only problem with SSL is that you can't use it with
multiple named vhosts on the same IP address.  I like to give
every web service its own hostname because this makes it easy
to move around as machines are changed or upgraded without
affecting anything else and it is a lot easier to do this with
CNAMES than IP addresses.  When you run these over ssl the browser
always pops up a warning that the hostname on the certificate
doesn't match the requested host - but it does work as long as the
user clicks the OK button.  Is there any way to avoid this that
doesn't tie the name to an IP address as a side effect?

--
  Les Mikesell
    les at futuresource.com