httpd-dev mailing list archives

From Müller Johannes <Johannes.Muel...@eon-is.com>
Subject [PATCH] Add directive to skip authentication when using client certificates
Date Wed, 20 Aug 2008 07:42:21 GMT
Hello,

The following patch against trunk adds a directive "AuthBasicUserFromSSL" (On/Off) to mod_auth_basic.
Setting this to "On" would skip authentication if r->user is set by mod_ssl.
This is needed when using client certificates for authentication, because in this case you
don't get any password from the user, which you can use to authenticate.
Well, there is FakeBasicAuth, but setting the password to "password" for every user in a directory
is definitely no solution.

Would be nice if we could include this in 2.2.x too. The affected code is basically similar.

See also discussion at http://mail-archives.apache.org/mod_mbox/httpd-dev/200807.mbox/%3C2DA2D25922A8EF48B9357D19AE7E0CE4075E394D@SME0011.o.eon-energie.net%3E

Configuration may look like this:

<Location /secret_area>
	SSLUserName			SSL_CLIENT_S_DN_CN
	SSLVerifyClient		require
	AuthType 			Basic
	AuthName 			"Test"
	AuthBasicUserFromSSL 	On

	AuthBasicProvider		ldap
	AuthLDAPUrl			ldap://myldapserver.company.com:389/ou=Users,o=COMPANY,c=COM?uid?sub
	AuthLDAPBindDN		cn=myUser,ou=users,o=COMPANY,c=COM
	AuthLDAPBindPassword	myPassword

	require ldap-group      cn=mygroup,ou=Groups,o=COMPANY,c=COM
</Location>


Greetings,
Johannes Müller
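
Added example, not part of the original message or the patch: a small Python check that flags `<Location>`/`<Directory>` sections which enable the proposed AuthBasicUserFromSSL directive without the `SSLVerifyClient require` and `SSLUserName` lines that the configuration above pairs it with. The sample configuration and the function names are constructed for illustration, and settings inherited from an enclosing scope are not resolved.

```python
import re

# Constructed sample configuration (not from the original message).
SAMPLE_CONF = """\
<Location /secret_area>
    SSLUserName          SSL_CLIENT_S_DN_CN
    SSLVerifyClient      require
    AuthBasicUserFromSSL On
</Location>
<Location /reports>
    SSLUserName          SSL_CLIENT_S_DN_CN
    SSLVerifyClient      optional
    AuthBasicUserFromSSL On
</Location>
<Location /legacy>
    AuthBasicUserFromSSL On
</Location>
<Location /public>
    AuthBasicUserFromSSL Off
</Location>
"""

# Matches one <Location ...> or <Directory ...> section and captures its body.
SECTION_RE = re.compile(r"<(Location|Directory)\s+([^>]+)>(.*?)</\1>", re.S | re.I)


def directives(body):
    """Map lower-cased directive name -> argument string (last occurrence wins)."""
    found = {}
    for line in body.splitlines():
        parts = line.split(None, 1)
        if parts and not parts[0].startswith("#"):
            found[parts[0].lower()] = parts[1].strip() if len(parts) > 1 else ""
    return found


def audit(conf_text):
    """Return (section path, problem) pairs for sections that enable the directive.

    Assumption: only directives written inside the section itself are considered.
    """
    findings = []
    for _kind, path, body in SECTION_RE.findall(conf_text):
        d = directives(body)
        if d.get("authbasicuserfromssl", "off").lower() != "on":
            continue
        path = path.strip().strip('"')
        if d.get("sslverifyclient", "").lower() != "require":
            findings.append((path, "SSLVerifyClient is not 'require'"))
        if "sslusername" not in d:
            findings.append((path, "SSLUserName is not set"))
    return findings
```
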

