Hello, The following patch against trunk adds a directive "AuthBasicUserFromSSL" (On/Off) to mod_auth_basic. Setting this to "On" would skip authentication if r->user is set by mod_ssl. This is needed when using client certificates for authentication, because in this case you don't get any password from the user, which you can use to authenticate. Well, there is FakeBasicAuth, but setting the password to "password" for every user in a directory is definitely no solution.
Would be nice if we could include this in 2.2.x too. The affected code is basically similar. See also discussion at http://mail-archives.apache.org/mod_mbox/httpd-dev/200807.mbox/[EMAIL PROTECTED] Configuration may look like this: <Location /secret_area> SSLUserName SSL_CLIENT_S_DN_CN SSLVerifyClient require AuthType Basic AuthName "Test" AuthBasicUserFromSSL On AuthBasicProvider ldap AuthLDAPUrl ldap://myldapserver.company.com:389/ou=Users,o=COMPANY,c=COM?uid?sub AuthLDAPBindDN cn=myUser,ou=users,o=COMPANY,c=COM AuthLDAPBindPassword myPassword require ldap-group cn=mygroup,ou=Groups,o=COMPANY,c=COM </Location> Greetings, Johannes Müller
mod_auth_basic.patch
Description: mod_auth_basic.patch
