Our intranet use mod_ldap to authenticate users to our internal Active Directory server as follows:
<Location /***/>
AuthType Basic
AuthName "***"
AuthBasicProvider ldap
AuthLDAPUrl "***"
require valid-user
</Location>
We want to allow our users to hit our site over the internet, but unfortunately Basic authentication is done in plain-text, which would expose our AD credentials on the net.
I realize that I could protect the entire site with ssl, but the only thing I'm really concerned about are the credentials themselves.
What is the best way to protect my AD credentials without using https:// for the entire site?
Note: I've tried substituting "Digest" for "Basic", but that doesn't work.