httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Guenter Knauf <>
Subject Re: Fake Basic Authentication
Date Thu, 09 Sep 2010 14:51:00 GMT
Am 09.09.2010 01:00, schrieb Nick Kew:
> Someone asked on IRC today about seemlessly mixing SSL Client
> authentication (FakeBasicAuth) with normal basic authn.
> As I understood it, users without a client cert should authenticate,
> but those with one would be spared the authn dialogue.
> A quick look at mod_ssl reveals that FakeBasicAuth sets r->user
> in an Access hook, so it's set before authn.  So what the user
> asks is trivial: all it needs is an authn provider that accepts
> any request in which r->user is set.  I've just hacked up the
> smallest-ever(?) module (attached) to do that.
> This could also give users flexibility to mix-and-match basic
> auth with other schemes in mod_rewrite style.  Or no doubt
> shoot themselves in the foot.
> Thoughts?
isnt this already something similar?


View raw message