On Jan 27, 2005, at 12:07 PM, Graham Leggett wrote:
> Mads Toftum said:
>> Simple:
>> SSLOptions +FakeBasicAuth
>> And then turn on basic auth as you would for plain passwords.
>> FakeBasicAuth will then act as if the user entered the certificate DN as
>> user and password as password.
>> There's an example in my mod_ssl talk from ApacheCon 2004 - see page 19
>> of http://cvs.apache.org/~mads/ac2004/MO18mod_ssl.pdf
>
> Read through the example - it requires a password file, which is redundant
> (we already keep track of the user's identity via client cert and CRL, we
> don't need to check again in a passwd file). Is there a way around this
> limitation?

As you know, all FakeBasicAuth does is "preload" the auth info; it still requires that authentication itself take place. So the way around it is to enable anon auth, which accepts "anything" as valid. Of course, that's not too secure. So some sort of special purpose auth module, which is FakeBasicAuth awareish, is required.
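
The setup discussed in this thread, written out as an added example (it is not taken from any of the posters or from the mod_ssl talk). The paths, realm name and subject DN are constructed; the hash is the DES crypt of the word "password" as given in the mod_ssl documentation.

```apache
# Added example: client-certificate login through FakeBasicAuth.
# Paths, realm name and the DN in the comment at the end are constructed.

# CA that issued the client certificates, and its revocation list
SSLCACertificateFile  /etc/apache2/ssl/ca.crt
SSLCARevocationFile   /etc/apache2/ssl/ca.crl

<Directory "/var/www/secure">
    SSLRequireSSL
    # The TLS layer verifies the certificate chain and the CRL.
    SSLVerifyClient  require
    SSLVerifyDepth   1

    # Preload Basic auth credentials from the certificate:
    # user name = subject DN, password = the literal word "password".
    SSLOptions       +FakeBasicAuth

    # Basic auth configured as it would be for plain passwords.
    # This lookup still runs, which is why the password file is needed.
    AuthType         Basic
    AuthName         "Client certificate area"
    AuthUserFile     /etc/apache2/ssl/cert-users.passwd
    Require          valid-user
</Directory>

# /etc/apache2/ssl/cert-users.passwd has one line per permitted certificate,
# the subject DN followed by the same fixed hash every time:
#   /C=US/O=Example Org/OU=Staff/CN=Alice Example:xxj31ZMTZzkVA
```

Because every entry carries the same hash, the file works as an allow-list of subject DNs rather than a store of secrets: a certificate issued by the trusted CA whose DN is not listed is still refused.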
