Hi,
sorry I was on vacation and had no time to answer your question. If you still waiting for a answer I can drop you some lines on Tuesday.
Just one thing: you only need SSL if you want to encrypt the HTML-Stream esp. Username and Password. If you are using BasicAuthentifiaction or FormBased Authentification you have to encrypt the stream or somebody can read the value with an http-Sniffing tool.
If you have only a intranet web, than only intranet users can sniff to trafic of others - althought all companies I know wopuld use SSL..
cu
Torsten
ps: sorry typing this via my iPhone is pain - on Tuesday I have my laptop back, than I will write you a tutorial to your last question.