dev  

[PATCH] Add directive to skip authentication when using client certificates

Müller Johannes
Wed, 20 Aug 2008 00:43:23 -0700

Hello,

The following patch against trunk adds a directive "AuthBasicUserFromSSL" 
(On/Off) to mod_auth_basic.
Setting this to "On" would skip authentication if r->user is set by mod_ssl.
This is needed when using client certificates for authentication, because in 
this case you don't get any password from the user, which you can use to 
authenticate.
Well, there is FakeBasicAuth, but setting the password to "password" for every 
user in a directory is definitely no solution.

Would be nice if we could include this in 2.2.x too. The affected code is 
basically similar.

See also discussion at 
[EMAIL PROTECTED]

Configuration may look like this:

<Location /secret_area>
        SSLUserName                     SSL_CLIENT_S_DN_CN
        SSLVerifyClient         require
        AuthType                        Basic
        AuthName                        "Test"
        AuthBasicUserFromSSL    On

        AuthBasicProvider               ldap
        AuthLDAPUrl                     
ldap://myldapserver.company.com:389/ou=Users,o=COMPANY,c=COM?uid?sub
        AuthLDAPBindDN          cn=myUser,ou=users,o=COMPANY,c=COM
        AuthLDAPBindPassword    myPassword

        require ldap-group      cn=mygroup,ou=Groups,o=COMPANY,c=COM
</Location>


Greetings,
Johannes Müller

Attachment: mod_auth_basic.patch
Description: mod_auth_basic.patch

  • [PATCH] Add directive to skip authentication when using client certificates Müller Johannes