httpd-bugs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From bugzi...@apache.org
Subject DO NOT REPLY [Bug 31418] - SSLUserName is not usable by other modules
Date Sun, 27 Nov 2005 00:02:34 GMT
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG·
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://issues.apache.org/bugzilla/show_bug.cgi?id=31418>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND·
INSERTED IN THE BUG DATABASE.

http://issues.apache.org/bugzilla/show_bug.cgi?id=31418





------- Additional Comments From kpfleming@digium.com  2005-11-27 01:02 -------
Let me add my voice to this one... since I just fought with this very problem
myself, and came to a similar solution before being directed to this issue.

The problem is that FakeBasicAuth gives the user _no_ ability to set what
r->user will become; it forces it to the DN from the certificate and that is it.

I think it's reasonable to let SSLUserName have the desired effect even in
FakeBasicAuth mode; I've patched my mod_ssl (from 2.0.54) to set the
Authorization header based on dc->szUserName instead of clientdn if SSLUserName
was specified. This appears to work fine, and allowed me to work with an
unpatched mod_authz_svn (and the remote user name shows properly in access_log
as well). This also means that the usernames are 'proper' in the htpasswd file
and everywhere else that httpd would normally see/use them.

I've attached my patch for this behavior; please let me know if there is some
reason why mod_ssl should _not_ behave this way.

-- 
Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org


Mime
View raw message