httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Plüm, Rüdiger, VF-Group" <>
Subject Re: Client authorization against LDAP using client certificates
Date Fri, 04 Jul 2008 13:18:49 GMT

> -----Ursprüngliche Nachricht-----
> Von: Müller Johannes 
> Gesendet: Freitag, 4. Juli 2008 15:09
> An:
> Betreff: AW: Client authorization against LDAP using client 
> certificates
> So far so good, but how to handle fallback to basic 
> authentication if the client has no certificate 
> (SSLVerifyClient optional)?
> If we created a new module mod_auth_cert and there is no 
> username from mod_ssl we would like to call mod_auth_basic.
> If i understood you right, i would hook mod_auth_cert before 
> mod_auth_basic and let it react on AuthType Basic.
> If mod_auth_cert then returns DECLINED, mod_auth_basic runs 
> and does basic authentication.
> That would work, but i personally don't like it.
> If i configure "AuthType Basic" i want to do basic auth, not 
> cert auth.
> If i created a new module i would prefer configuring 
> "AuthType Cert" and doing something like "AuthCertFallback On"

You can do it this way and make your module non authoritative by
returning DECLINED.

You can make this configurable by creating something like a 
AuthCertAuthoritative directive in you module. And based on its value you return
either DECLINED or DONE.



View raw message