(no commit message)

author http://schmonz.livejournal.com/ <http://schmonz.livejournal.com/@web>

Wed, 30 Jul 2008 05:25:05 +0000 (01:25 -0400)

committer Joey Hess <joey@kitenet.net>

Wed, 30 Jul 2008 05:25:05 +0000 (01:25 -0400)
author http://schmonz.livejournal.com/ <http://schmonz.livejournal.com/@web>
Wed, 30 Jul 2008 05:25:05 +0000 (01:25 -0400)
committer Joey Hess <joey@kitenet.net>
Wed, 30 Jul 2008 05:25:05 +0000 (01:25 -0400)
diff --git a/doc/plugins/contrib/unixauth/discussion.mdwn b/doc/plugins/contrib/unixauth/discussion.mdwn

index 91c59ff1d0bafc5b070bde01ab9c201e8b6849ab..863e3c91a35f3711e97cb12863be031bf0b77a26 100644 (file)
--- a/doc/plugins/contrib/unixauth/discussion.mdwn
+++ b/doc/plugins/contrib/unixauth/discussion.mdwn
@@ -20,3 +20,6 @@ Thanks for the comments. That's definitely an undesirable interaction between pw
  -- [[schmonz]]
  
  > Have you considered using [[plugins/httpauth]] and then the appropriate apache module?  There are apache modules like [mod_authnz_external](http://unixpapa.com/mod_auth_external.html) that might help.  The advantage of these solutions is that they usually make the security implications explicit.  -- Will
+
+Actually, yes. That's how I made sure I had pwauth working to begin with. I'm partial to the form-based approach because I'm not aware of any way to reliably "log out" browsers from HTTP authentication. If that *is* reliably possible, then I worked way too hard for no reason. ;-)
+-- [[schmonz]]
author	http://schmonz.livejournal.com/ <http://schmonz.livejournal.com/@web>
	Wed, 30 Jul 2008 05:25:05 +0000 (01:25 -0400)
committer	Joey Hess <joey@kitenet.net>
	Wed, 30 Jul 2008 05:25:05 +0000 (01:25 -0400)