On Mon, Apr 21, 2014 at 7:38 AM, Graham Leggett <[email protected]> wrote: > Hi all, > > Right now, we have the SSLUserName directive, which takes an arbitrary SSL > variable and turns it into a username for the benefit of the request. This > has the downside that only SSL variables (and some CGI variables) are usable > as usernames, and it combines with FakeBasicAuth to create undesirable side > effects. > > What would be cleaner is if we deprecate SSLUserName and create a > mod_auth_user.c module that declares AuthType User, and then offers a > AuthUser directive that sets the user based on an arbitrary expression from > ap_expr.h. This will make client certificates easier to work with, and > provide options for authentication that aren't based purely on logins, such > as tokens in URLs, etc.
I have a working module that just does the certificate in lieue of basic auth based on ap_expr: https://github.com/covener/apache-modules/blob/master/mod_authn_cert.c IMO the problem with doing that in a new authtype is that people immediately want N authtypes in order which is much harder to.
