LinuxQuestions.org - .htaccess and clear-text password

- Linux - Server (https://www.linuxquestions.org/questions/linux-server-73/)

- - .htaccess and clear-text password (https://www.linuxquestions.org/questions/linux-server-73/htaccess-and-clear-text-password-641592/)

.htaccess and clear-text password

I have a lot of .htaccess files pointing to LDAP for authentication. When users authenticate, their username and password fly clear-text on the network. Is there anyway to encrypt these passwords so when they fly on the network, the fly encrypted? I don't want to HTTPS the entire site or various different places I use .htaccess - that would require too much work in httpd.conf. I would rather do something on the .htaccess file if that's at all possible.

Any help on this would be much appreciated. Thanks.

Somebody other will very probably be able to give deeper answers, but searching the web gives sites like this:

askapache.com/htaccess/apache-ssl-in-htaccess-examples.html

Quoted from the above page:

Quote:

Fixing double-login problem and making sure authorization usernames/passwords are not sent in cleartext unencrypted.

Additional https/ssl information

SSLOptions +StrictRequire
SSLRequireSSL
SSLRequire %{HTTP_HOST} eq "google.com"
ErrorDocument 403 https://google.com

Is that what you're looking for (SSLRequireSSL)?

I'd say if you're running a server, altering a configuration file (httpd.conf) can't possibly be too much work, if it's about security :)