httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Eric Covener <cove...@gmail.com>
Subject Re: Improved AuthType Certificate provider [enhancement #48780]
Date Fri, 09 Apr 2010 15:14:56 GMT
On Tue, Apr 6, 2010 at 7:51 PM, Thomas, Peter <pthomas@hpti.com> wrote:
>I 'm not sure this is
> the sort of feature we should be adding directly to 2.2.x,

Seems like a stretch.  There's an old thread on this same subject, and
a module, that you can find at
https://sourceforge.net/projects/modauthcertific/

I would suggest collecting the design decisions, and the interactions
with authn/authz/access control in trunk somewhere so people can
follow without too much investment.  Include config examples/use
cases.

The contentious parts for these things are usually:

How does the cert map to r->user?
How does one express that basic-auth-if-no-certificate (AuthType foo
bar, or does the cert module pre-empty basic auth via some other
config mechanism)
What if anything changes in authorization providers (hopefully nothing)

Unfortunately, doing this right in trunk probably makes it
unbackportable.  Getting it by hook or by crook in a standalone 2.2
module might mean making it look like basic auth internally and would
probably not be suitable for the base distribution.

-- 
Eric Covener
covener@gmail.com

Mime
View raw message