cce4bc
diff --git a/modules/proxy/ajp.h b/modules/proxy/ajp.h
cce4bc
index c65ebe5..330573b 100644
cce4bc
--- a/modules/proxy/ajp.h
cce4bc
+++ b/modules/proxy/ajp.h
cce4bc
@@ -413,11 +413,13 @@ apr_status_t ajp_ilink_receive(apr_socket_t *sock, ajp_msg_t *msg);
cce4bc
  * @param r         current request
cce4bc
  * @param buffsize  max size of the AJP packet.
cce4bc
  * @param uri       requested uri
cce4bc
+ * @param secret    authentication secret
cce4bc
  * @return          APR_SUCCESS or error
cce4bc
  */
cce4bc
 apr_status_t ajp_send_header(apr_socket_t *sock, request_rec *r,
cce4bc
                              apr_size_t buffsize,
cce4bc
-                             apr_uri_t *uri);
cce4bc
+                             apr_uri_t *uri,
cce4bc
+                             const char *secret);
cce4bc
cce4bc
 /**
cce4bc
  * Read the ajp message and return the type of the message.
cce4bc
diff --git a/modules/proxy/ajp_header.c b/modules/proxy/ajp_header.c
cce4bc
index 074f0a8..53571ee 100644
cce4bc
--- a/modules/proxy/ajp_header.c
cce4bc
+++ b/modules/proxy/ajp_header.c
cce4bc
@@ -213,7 +213,8 @@ AJPV13_REQUEST/AJPV14_REQUEST=
cce4bc
 
cce4bc
 static apr_status_t ajp_marshal_into_msgb(ajp_msg_t *msg,
cce4bc
                                           request_rec *r,
cce4bc
-                                          apr_uri_t *uri)
cce4bc
+                                          apr_uri_t *uri,
cce4bc
+                                          const char *secret)
cce4bc
 {
cce4bc
     int method;
cce4bc
     apr_uint32_t i, num_headers = 0;
cce4bc
@@ -293,17 +294,15 @@ static apr_status_t ajp_marshal_into_msgb(ajp_msg_t *msg,
cce4bc
                    i, elts[i].key, elts[i].val);
cce4bc
     }
cce4bc
 
cce4bc
-/* XXXX need to figure out how to do this
cce4bc
-    if (s->secret) {
cce4bc
+    if (secret) {
cce4bc
         if (ajp_msg_append_uint8(msg, SC_A_SECRET) ||
cce4bc
-            ajp_msg_append_string(msg, s->secret)) {
cce4bc
+            ajp_msg_append_string(msg, secret)) {
cce4bc
             ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
cce4bc
-                   "Error ajp_marshal_into_msgb - "
cce4bc
+                   "ajp_marshal_into_msgb: "
cce4bc
                    "Error appending secret");
cce4bc
             return APR_EGENERAL;
cce4bc
         }
cce4bc
     }
cce4bc
- */
cce4bc
 
cce4bc
     if (r->user) {
cce4bc
         if (ajp_msg_append_uint8(msg, SC_A_REMOTE_USER) ||
cce4bc
@@ -628,7 +627,8 @@ static apr_status_t ajp_unmarshal_response(ajp_msg_t *msg,
cce4bc
 apr_status_t ajp_send_header(apr_socket_t *sock,
cce4bc
                              request_rec *r,
cce4bc
                              apr_size_t buffsize,
cce4bc
-                             apr_uri_t *uri)
cce4bc
+                             apr_uri_t *uri,
cce4bc
+                             const char *secret)
cce4bc
 {
cce4bc
     ajp_msg_t *msg;
cce4bc
     apr_status_t rc;
cce4bc
@@ -640,7 +640,7 @@ apr_status_t ajp_send_header(apr_socket_t *sock,
cce4bc
         return rc;
cce4bc
     }
cce4bc
 
cce4bc
-    rc = ajp_marshal_into_msgb(msg, r, uri);
cce4bc
+    rc = ajp_marshal_into_msgb(msg, r, uri, secret);
cce4bc
     if (rc != APR_SUCCESS) {
cce4bc
         ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(00988)
cce4bc
                "ajp_send_header: ajp_marshal_into_msgb failed");
cce4bc
diff --git a/modules/proxy/mod_proxy.c b/modules/proxy/mod_proxy.c
cce4bc
index 5517e08..e998f58 100644
cce4bc
--- a/modules/proxy/mod_proxy.c
cce4bc
+++ b/modules/proxy/mod_proxy.c
cce4bc
@@ -260,6 +260,12 @@ static const char *set_worker_param(apr_pool_t *p,
cce4bc
             return "flusher name length must be < 16 characters";
cce4bc
         PROXY_STRNCPY(worker->s->flusher, val);
cce4bc
     }
cce4bc
+    else if (!strcasecmp(key, "secret")) {
cce4bc
+        if (PROXY_STRNCPY(worker->s->secret, val) != APR_SUCCESS) {
cce4bc
+             return apr_psprintf(p, "Secret length must be < %d characters",
cce4bc
+                                 (int)sizeof(worker->s->secret));
cce4bc
+        }
cce4bc
+    }
cce4bc
     else {
cce4bc
         return "unknown Worker parameter";
cce4bc
     }
cce4bc
diff --git a/modules/proxy/mod_proxy.h b/modules/proxy/mod_proxy.h
cce4bc
index b702028..06f2b17 100644
cce4bc
--- a/modules/proxy/mod_proxy.h
cce4bc
+++ b/modules/proxy/mod_proxy.h
cce4bc
@@ -317,6 +317,7 @@ PROXY_WORKER_DISABLED | PROXY_WORKER_STOPPED | PROXY_WORKER_IN_ERROR )
cce4bc
 #define PROXY_WORKER_MAX_HOSTNAME_SIZE  64
cce4bc
 #define PROXY_BALANCER_MAX_HOSTNAME_SIZE PROXY_WORKER_MAX_HOSTNAME_SIZE
cce4bc
 #define PROXY_BALANCER_MAX_STICKY_SIZE  64
cce4bc
+#define PROXY_WORKER_MAX_SECRET_SIZE    64
cce4bc
 
cce4bc
 #define PROXY_MAX_PROVIDER_NAME_SIZE    16
cce4bc
 
cce4bc
@@ -394,6 +395,7 @@ typedef struct {
cce4bc
     unsigned int     disablereuse_set:1;
cce4bc
     unsigned int     was_malloced:1;
cce4bc
     unsigned int     is_name_matchable:1;
cce4bc
+    char      secret[PROXY_WORKER_MAX_SECRET_SIZE]; /* authentication secret (e.g. AJP13) */
cce4bc
 } proxy_worker_shared;
cce4bc
 
cce4bc
 #define ALIGNED_PROXY_WORKER_SHARED_SIZE (APR_ALIGN_DEFAULT(sizeof(proxy_worker_shared)))
cce4bc
diff --git a/modules/proxy/mod_proxy_ajp.c b/modules/proxy/mod_proxy_ajp.c
cce4bc
index 380b870..81039bf 100644
cce4bc
--- a/modules/proxy/mod_proxy_ajp.c
cce4bc
+++ b/modules/proxy/mod_proxy_ajp.c
cce4bc
@@ -196,6 +196,7 @@ static int ap_proxy_ajp_request(apr_pool_t *p, request_rec *r,
cce4bc
     apr_off_t content_length = 0;
cce4bc
     int original_status = r->status;
cce4bc
     const char *original_status_line = r->status_line;
cce4bc
+    const char *secret = NULL;
cce4bc
 
cce4bc
     if (psf->io_buffer_size_set)
cce4bc
        maxsize = psf->io_buffer_size;
cce4bc
@@ -205,12 +206,15 @@ static int ap_proxy_ajp_request(apr_pool_t *p, request_rec *r,
cce4bc
        maxsize = AJP_MSG_BUFFER_SZ;
cce4bc
     maxsize = APR_ALIGN(maxsize, 1024);
cce4bc
 
cce4bc
+    if (*conn->worker->s->secret)
cce4bc
+        secret = conn->worker->s->secret;
cce4bc
+
cce4bc
     /*
cce4bc
      * Send the AJP request to the remote server
cce4bc
      */
cce4bc
 
cce4bc
     /* send request headers */
cce4bc
-    status = ajp_send_header(conn->sock, r, maxsize, uri);
cce4bc
+    status = ajp_send_header(conn->sock, r, maxsize, uri, secret);
cce4bc
     if (status != APR_SUCCESS) {
cce4bc
         conn->close = 1;
cce4bc
         ap_log_rerror(APLOG_MARK, APLOG_ERR, status, r, APLOGNO(00868)