Testing
This commit is contained in:
@@ -414,7 +414,10 @@ filter-escaped against injection. The challenge front-end is shared: both PAM an
|
||||
the same `basicAuth` middleware, and the page load (`/`) is challenged too so the browser's
|
||||
native login dialog actually appears (a background `fetch('/me')` 401 does not prompt).
|
||||
Because Basic credentials are sent on every request, uopi can terminate **TLS** itself
|
||||
(`[server.tls]` → `ListenAndServeTLS`) without a reverse proxy. The four identity sources
|
||||
(`[server.tls]` → `ListenAndServeTLS`) without a reverse proxy; an optional
|
||||
`redirect_from` plain-HTTP listener 301-redirects `http://` visitors to the HTTPS service
|
||||
so they are upgraded instead of hitting the TLS port with cleartext ("client sent an HTTP
|
||||
request to an HTTPS server"). The four identity sources
|
||||
(proxy header, Kerberos, PAM-Basic, LDAP-Basic) all resolve to the same `userHeader` and are
|
||||
mutually exclusive where they overlap. Access is **role-based** through group
|
||||
memberships: each `[[groups]]` block lists members by role along the cumulative ladder
|
||||
|
||||
Reference in New Issue
Block a user