I am trying to set up a RESTful web service where GET is open to all but POST, PUT, and DELETE are restricted to authorized users. I have a database of users that is checked using Basic Auth. So far, so good.

I *also* want to make it possible to issue certificates (from a home-rolled CA) to users if they wish, so they can bypass the username/password dialogues. Try as I might, I simply cannot get an either/or setup working where certs are checked and basic auth is skipped if a valid cert is found. No matter what, the Basic Auth dialog always appears.

It also appears that the <Limit> directive does not work with RequireSSL directives? Is there a way to limit only certain methods using SSL? I've tried +FakeBasicAuth but then the database lookup code rejects the username (of course).

Here's what my config looks like right now. I would really appreciate any pointers or suggestions. Thanks so much for your time.

--BEGIN CONFIG--
<Directory "/home/html/games/rest">
    SSLOptions +StdEnvVars
    AllowOverride all
    Order deny,allow
    Allow from all
    Satisfy any
    SSLRequireSSL
    SSLRequire %{SSL_CIPHER_USEKEYSIZE} >= 128
    SSLRequire ( \
        %{SSL_CLIENT_S_DN_O} eq "Super Duper Games" \
        and %{SSL_CLIENT_S_DN_OU} eq "REST Server" \
    )
    AuthType Basic
    AuthBasicProvider dbd
    AuthDBDUserPWQuery "SELECT encrypt(password) FROM users WHERE username=%s"
    AuthName "Super Duper Games"
    <limit PUT POST DELETE>
        Require valid-user
    </limit>
</Directory>
--END CONFIG--

--
Aaron Dalton | Super Duper Games
[EMAIL PROTECTED] | http://superdupergames.org
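
The either/or check asked about above, written as an added example that is not part of the original post: a client certificate or a Basic Auth login is accepted for write methods, following the `Require ssl-verify-client` plus `Require valid-user` pattern from the Apache httpd 2.4 mod_ssl documentation. It assumes httpd 2.4 (the post's directives are the older `Order`/`Satisfy` style), an already configured DBD connection, and a placeholder CA certificate path.

```apache
# Added example for Apache httpd 2.4; not the poster's configuration.

# Virtual-host level: request (but do not demand) a client certificate
# during the handshake. Without this no certificate is ever presented
# and every SSL_CLIENT_* variable stays empty.
SSLVerifyClient optional
# Placeholder path to the home-rolled CA certificate.
SSLCACertificateFile "/path/to/home-rolled-ca.crt"

<Directory "/home/html/games/rest">
    SSLOptions +StdEnvVars
    SSLRequireSSL

    # Assumes the DBD connection (DBDriver, DBDParams) is already set up.
    AuthType Basic
    AuthName "Super Duper Games"
    AuthBasicProvider dbd
    AuthDBDUserPWQuery "SELECT encrypt(password) FROM users WHERE username=%s"

    # GET (and HEAD, which <Limit GET> also covers) stays open to everyone.
    <Limit GET>
        Require all granted
    </Limit>

    # Every other method needs either a verified certificate with the
    # expected subject or a Basic Auth login. When the certificate branch
    # grants access, no password prompt is sent.
    <LimitExcept GET>
        <RequireAny>
            <RequireAll>
                Require ssl-verify-client
                Require expr "%{SSL_CLIENT_S_DN_O} == 'Super Duper Games' && %{SSL_CLIENT_S_DN_OU} == 'REST Server'"
            </RequireAll>
            Require valid-user
        </RequireAny>
    </LimitExcept>
</Directory>
```

The post's key-size `SSLRequire` line is left out here to keep the focus on the either/or authorization; `<LimitExcept GET>` is also stricter than the post's `<limit PUT POST DELETE>`, since it covers every method other than GET and HEAD.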