httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Guenter Knauf <fua...@apache.org>
Subject Re: Fake Basic Authentication
Date Thu, 09 Sep 2010 14:51:00 GMT
Am 09.09.2010 01:00, schrieb Nick Kew:
> Someone asked on IRC today about seemlessly mixing SSL Client
> authentication (FakeBasicAuth) with normal basic authn.
> As I understood it, users without a client cert should authenticate,
> but those with one would be spared the authn dialogue.
>
> A quick look at mod_ssl reveals that FakeBasicAuth sets r->user
> in an Access hook, so it's set before authn.  So what the user
> asks is trivial: all it needs is an authn provider that accepts
> any request in which r->user is set.  I've just hacked up the
> smallest-ever(?) module (attached) to do that.
>
> This could also give users flexibility to mix-and-match basic
> auth with other schemes in mod_rewrite style.  Or no doubt
> shoot themselves in the foot.
>
> Thoughts?
isnt this already something similar?
http://sourceforge.net/projects/modauthcertific/

Gün.





Mime
View raw message