httpd-bugs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
Subject DO NOT REPLY [Bug 48780] Enable mod_authnz_ldap to accept valid client certificates as sufficient authentication
Date Sun, 21 Feb 2010 17:02:30 GMT

--- Comment #2 from Eric Covener <> 2010-02-21 17:02:28 UTC ---
IIUC current patch needs to deal with the case where a cert wasn't provided
(SSLVerifyClient optional) or where r->user didn't come from the cert.

IMO cert-based authn or authz belongs outside of LDAP.  LDAP could have a
second provider that just checks to make sure current r->user can be found in
LDAP w/o looking at password (which is the additional check we're getting with
this patch over just clientcert == authenticated)

Configure bugmail:
------- You are receiving this mail because: -------
You are the assignee for the bug.

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message