httpd-users mailing list archives

From Dirk-Willem van Gulik <di...@webweaving.org>
Subject Re: mod-ssl and authz modules
Date Fri, 23 Aug 2002 12:57:00 GMT


On Fri, 23 Aug 2002, Jose Correia (J) wrote:

> I'm trying to config mod_ssl inside apache's httpd.conf to just do
> basic authentication i.e. I don't want it to request the client for a
> certificate. How does one do that exactly?
>
> My basic authentication module is mod_authz_ldap which connects to an
> openldap database.

The two are totally separate; so you may want to make sure that the above
works perfectly before adding the SSL layer.

> I tried setting the "SSLVerifyClient" to none but the client browser
> still gives a warning and doesn't show the basic authentication login
> dialog.

Correct; that is not the right approach. Assuming you want to use Basic
Auth over SSL, this is what I usually do:

1.	Get SSL to work on https://intranet.bar.com/

	<VirtualHost intranet.bar.com:443>
		..
		SSLEngine On
		SSLCertificateFile	..../intranet.bar.com.pem
		...
		DocumentRoot /foo
		<Directory /foo>
			...
		</Directory>
	</VirtualHost>

2.	Disable SSL and then get BasicAuth to work with
	the right backend on http://intranet.bar.com/

	<VirtualHost intranet.bar.com:80>
		...
		# SSLEngine On
		# SSLCertificateFile	..../intranet.bar.com.pem
		...
		<Directory /foo>
			AuthType Basic
			AuthName Intranet
			...
		</Directory>
	</VirtualHost>

3.	Then combine

	<VirtualHost intranet.bar.com:443>
		...
		SSLEngine On
		SSLCertificateFile	..../intranet.bar.com.pem
		...
		<Directory /foo>
			AuthType Basic
			AuthName Intranet
			...
		</Directory>
	</VirtualHost>

At any time; keep a

	tail -f .../logs/error_log

as this is where you will see most of the action.

Dw


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
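
The combined configuration from step 3 of the reply above, written out in full as an added example that is not part of the original message. The file paths, the separate key file, the flat-file `AuthUserFile` backend (standing in for the poster's LDAP module, whose directives are not shown on this page), the `SSLRequireSSL` guard and the port-80 redirect are all assumptions of this example.

```apache
# Added example, not from the original message. All /path/to/... values
# are placeholders.

# Port 80 serves no content and asks for no credentials; it only redirects,
# so the browser is never prompted for Basic Auth over cleartext HTTP.
<VirtualHost intranet.bar.com:80>
    ServerName intranet.bar.com
    Redirect permanent / https://intranet.bar.com/
</VirtualHost>

<VirtualHost intranet.bar.com:443>
    ServerName intranet.bar.com
    DocumentRoot /foo

    SSLEngine On
    SSLCertificateFile    /path/to/intranet.bar.com.pem
    # Assumption: the private key is kept in its own file.
    SSLCertificateKeyFile /path/to/intranet.bar.com.key

    # Server-authenticated SSL only: the browser is not asked for a client
    # certificate. This setting is independent of the Basic Auth prompt.
    SSLVerifyClient none

    <Directory /foo>
        # Refuse any request for this directory that did not arrive over
        # SSL. Basic Auth sends the password base64-encoded, not encrypted,
        # so it must never be accepted on a plain HTTP connection.
        SSLRequireSSL

        AuthType Basic
        AuthName "Intranet"
        # Assumption: htpasswd file as a stand-in for the LDAP backend.
        AuthUserFile /path/to/htpasswd
        Require valid-user
    </Directory>
</VirtualHost>
```

Running `apachectl configtest` after each of the three steps catches syntax errors before a restart.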

