httpd-bugs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From bugzi...@apache.org
Subject DO NOT REPLY [Bug 48780] Enable mod_authnz_ldap to accept valid client certificates as sufficient authentication
Date Sun, 21 Feb 2010 17:02:30 GMT
https://issues.apache.org/bugzilla/show_bug.cgi?id=48780

--- Comment #2 from Eric Covener <covener@gmail.com> 2010-02-21 17:02:28 UTC ---
IIUC current patch needs to deal with the case where a cert wasn't provided
(SSLVerifyClient optional) or where r->user didn't come from the cert.

IMO cert-based authn or authz belongs outside of LDAP.  LDAP could have a
second provider that just checks to make sure current r->user can be found in
LDAP w/o looking at password (which is the additional check we're getting with
this patch over just clientcert == authenticated)

-- 
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org


Mime
View raw message