Hmmm....
I can easily add (optional) internal authentication. It would not use 401 auth at all, but would be part of sessions state. Basically, any access would trigger the 'login' module until proper credentials have been provided. This is plain http, so it should get around the problems.
Note also that it should be able to use the same passwd file that htaccess uses, so authentication could be mixed if desired.
Will look at this tomorrow.
|