httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jim Jagielski <...@jaguNET.com>
Subject Re: FakeBasicAuth - a howto anywhere?
Date Thu, 27 Jan 2005 18:26:38 GMT

On Jan 27, 2005, at 12:07 PM, Graham Leggett wrote:

> Mads Toftum said:
>
>> Simple:
>>
>> SSLOptions +FakeBasicAuth
>>
>> And then turn on basic auth as you would for plain passwords.
>> FakeBasicAuth will then act as if the user entered the certificate DN 
>> as
>> user and password as password.
>> There's an example in my mod_ssl talk from ApacheCon 2004 - see page 
>> 19
>> of http://cvs.apache.org/~mads/ac2004/MO18mod_ssl.pdf
>
> Read through the example - it requires a password file, which is 
> redundant
> (we already keep track of the user's identity via client cert and CRL, 
> we
> don't need to check again in a passwd file). Is there a way around this
> limitation?

As you know, all FakeBasicAuth is "preload" the auth
info; it still requires that authentication itself take
place. So the way around it is to enable anon auth which
accepts "anything" as valid. Of course, that's not too
secure. So some sort of special purpose auth module, which
is FakeBasicAuth awareish is required.


Mime
View raw message