[rt-users] LDAP Authentication, Redux
Les Mikesell
les at futuresource.com
Tue Dec 3 12:08:24 EST 2002
> From: Vivek Khera
> LM> And the only problem with SSL is that you can't use it with
> LM> multiple named vhosts on the same IP address. I like to give
> LM> every web service its own hostname because this makes it easy
>
> Unfortunately, no. There is a patch proposed for Apache2 that does
> the equivalent of TLS for SMTP mail (ie, connect to the same port as
> normal, do vhost things, then negotiate SSL), but there are no clients
> that support that yet.
This really needs to be tied to a different form of authentication
anyway - if the client passes the host: header it would probably
also pass the headers with basic authentication in the clear. In
many cases nothing but the password really needs to be encrypted.
> I just put my RT instance in different port number and its own
> instance of apache -- no vhosting. This keeps my RT module bloat from
> adding to the regular mod_perl server module bloat ;-)
This is a different issue familiar to mod_perl users that can be hidden
by a front-end proxy. It is still more painful than necessary when
you want to move it to a different machine or are forced to change
all of your IP addesses.
--
Les Mikesell
les at futuresource.com
More information about the rt-users
mailing list