Change default redirect status for AuthPAMExpiredRedirect to 303 See Other, make it configurable.

Redirect to reset password typically goes to different system,
so repeating for example POST which 307 Temporary Redirect does
is not that useful; the 303 See Other will do plain GET.
The redirect status can be overriden with an optional second parameter
to AuthPAMExpiredRedirect.

1 files changed, 4 insertions, 1 deletions

diff --git a/README b/README
index 96b7575..e1db8e6 100644
--- a/README
+++ b/README
@@ -95,7 +95,7 @@ two separate account PAM checks during the Basic Authentication.
 
 Handling expired password:
 
-    AuthPAMExpiredRedirect <URL>
+    AuthPAMExpiredRedirect <URL> [<status>]
 
 For both the authorization and HTTP Basic authentication case, if the
 password the user has presented has expired (PAM return codes
@@ -117,6 +117,9 @@ For example for FreeIPA 4.1+, the value can actually be
 
     https://<IPA-server>/ipa/ui/reset_password.html?url=%s
 
+By default the redirect is done using 303 See Other. The redirect
+status can be specified as numerical value in the 3xx range.
+
 SELinux:
 
 On SELinux enabled systems, boolean httpd_mod_auth_pam needs to