httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Eric Covener" <>
Subject Re: Client authorization against LDAP using client certificates
Date Fri, 04 Jul 2008 12:28:22 GMT
On Fri, Jul 4, 2008 at 5:43 AM, Müller Johannes
<> wrote:
> Well, this would require quite big changes to all authentication modules, i guess.
> I think, the better way would be to skip authentication completely in mod_auth_basic
in case the user is set in the request object, because the user is already authenticated somehow
through mod_ssl.

Your solution 2 is not difficult at all, and you don't even really
need to use a new AuthType.  Simply returning OK or DECLINED from your
new modules early ap_hook_check_user_id, and letting authz run as
normal, is sufficient for cert-based auth.

Eric Covener

View raw message