Return-Path: X-Original-To: apmail-httpd-dev-archive@www.apache.org Delivered-To: apmail-httpd-dev-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id F3B491138E for ; Mon, 21 Apr 2014 11:39:19 +0000 (UTC) Received: (qmail 31752 invoked by uid 500); 21 Apr 2014 11:39:18 -0000 Delivered-To: apmail-httpd-dev-archive@httpd.apache.org Received: (qmail 31669 invoked by uid 500); 21 Apr 2014 11:39:17 -0000 Mailing-List: contact dev-help@httpd.apache.org; run by ezmlm Precedence: bulk Reply-To: dev@httpd.apache.org list-help: list-unsubscribe: List-Post: List-Id: Delivered-To: mailing list dev@httpd.apache.org Received: (qmail 31660 invoked by uid 99); 21 Apr 2014 11:39:17 -0000 Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136) by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 21 Apr 2014 11:39:17 +0000 X-ASF-Spam-Status: No, hits=-0.0 required=5.0 tests=SPF_HELO_PASS,SPF_PASS X-Spam-Check-By: apache.org Received-SPF: pass (athena.apache.org: domain of minfrin@sharp.fm designates 174.143.229.200 as permitted sender) Received: from [174.143.229.200] (HELO chandler.sharp.fm) (174.143.229.200) by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 21 Apr 2014 11:39:10 +0000 Received: from chandler.sharp.fm (localhost [127.0.0.1]) by chandler.sharp.fm (Postfix) with ESMTP id 13AF0C8312 for ; Mon, 21 Apr 2014 06:38:50 -0500 (CDT) Received: from [192.168.88.207] (pepperpotdsl.claranet.co.uk [217.158.253.219]) (using TLSv1 with cipher AES128-SHA (128/128 bits)) (Client did not present a certificate) (Authenticated sender: minfrin@sharp.fm) by chandler.sharp.fm (Postfix) with ESMTP id 725DAC8310 for ; Mon, 21 Apr 2014 06:38:49 -0500 (CDT) From: Graham Leggett Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: quoted-printable Subject: SSLUserName -> mod_auth_user Message-Id: <041F6AA8-831E-4581-9920-AE9BE3A1C43F@sharp.fm> Date: Mon, 21 Apr 2014 13:38:48 +0200 To: dev@httpd.apache.org Mime-Version: 1.0 (Mac OS X Mail 6.6 \(1510\)) X-Mailer: Apple Mail (2.1510) X-Virus-Scanned: ClamAV using ClamSMTP X-Virus-Checked: Checked by ClamAV on apache.org Hi all, Right now, we have the SSLUserName directive, which takes an arbitrary = SSL variable and turns it into a username for the benefit of the = request. This has the downside that only SSL variables (and some CGI = variables) are usable as usernames, and it combines with FakeBasicAuth = to create undesirable side effects. What would be cleaner is if we deprecate SSLUserName and create a = mod_auth_user.c module that declares AuthType User, and then offers a = AuthUser directive that sets the user based on an arbitrary expression = from ap_expr.h. This will make client certificates easier to work with, = and provide options for authentication that aren't based purely on = logins, such as tokens in URLs, etc. Thoughts? Regards, Graham --