Session authentication : password passed inclear text

I have an internal requirement to make sure session authentication to a domino server via a browser does not pass the ‘password’ in clear text. Currently using a network analyser the password can be seen during authentication in clear text.

SSO authentication is in use.

Is my only alternative to implement SSL on the domino server…I’ve tested when SSO is not in use (session authentication is disabled) and the password is not passed in clear text.

Anybody got any ideas…I can’t believe SSL is the only option as this would mean a server wide implemention

Thanks

Subject: session authentication : password passed inclear text

Yes, that’s the way it works, and not just on Domino – on every web server. Note that only the login process actually requires SSL; once the user is logged in and is using a session id, you can redirect to plain old HTTP.