Another thing you could do if you were so inclined is to write a small
module that authenticates based on cookies. If the cookie wasn't found, it
bounces you to a different virtual server to 'log in' that would check your
cert, issue a cookie then bounce you back to the page in question, which
uses 'normal' SSL.
This also has the side effect that if your client does not yet have a cert,
you can have him log in the old-fashioned way - username, password. A
possible negative is that the client may be behind some type of proxy that
doesn't allow cookies...
I am sure there are other negatives as well.
Tim
-----Original Message-----
From: Holger Reif <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED] <[EMAIL PROTECTED]>
Cc: [EMAIL PROTECTED] <[EMAIL PROTECTED]>
Date: Thursday, April 16, 1998 12:31 AM
Subject: Re: [ssl-users] Apache & Client Auth.
>Kristofer A. E. Peterson wrote:
>>
>> While we're on this topic, is it possible to configure Apache-SSL to only
>> request client authentication for certain directories and URLs? As far as
>> I can tell, you can only specify client authentication for an entire server
>> (or virtual server.)
>
>Difficult since the server doesn't know the URL during the initial handshake.
>It would be possible to start a renegotiation after the requested URL is
>known and insist on getting a client cert but I guess that would bring up
>lots of problems and incompatibilities...
>
>--
>read you later - Holger Reif
>------------------------------------ Signaturprojekt Deutsche Einheit
>TU Ilmenau - Informatik - Telematik (Verdamp lang her)
>[EMAIL PROTECTED] Alt wie ein Baum werden, um ueber
>Remus.PrakInf.TU-Ilmenau.DE/Reif/ alle 7 Bruecken gehen zu koennen
>+-------------------------------------------------------------------------+
>| Administrative requests should be sent to [EMAIL PROTECTED] |
>| List service provided by Open Software Associates, http://www.osa.com/ |
>+-------------------------------------------------------------------------+
>
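The cookie bounce described in the reply at the top of this message, sketched as an added example that is not code from any poster in the thread. It assumes the login virtual server and the content server share an HMAC key; `SECRET`, `LOGIN_URL`, `MAX_AGE` and all function names are hypothetical.

```python
import base64
import hashlib
import hmac
import time
from urllib.parse import urlencode

SECRET = b"constructed-demo-key"                # assumption: key shared by both servers
LOGIN_URL = "https://login.example.test/auth"   # hypothetical login virtual server
MAX_AGE = 900                                   # assumed cookie lifetime in seconds

def _b64(data):
    return base64.urlsafe_b64encode(data).decode().rstrip("=")

def _mac(payload):
    return _b64(hmac.new(SECRET, payload.encode(), hashlib.sha256).digest())

def issue_cookie(cert_subject, now=None):
    """Login server: call only after the client certificate has been verified."""
    expires = int((time.time() if now is None else now) + MAX_AGE)
    payload = f"{_b64(cert_subject.encode())}.{expires}"
    # Send the result with the Secure attribute so it only travels over SSL.
    return f"{payload}.{_mac(payload)}"

def check_cookie(cookie, now=None):
    """Content server: return the cert subject, or None if the cookie is
    missing, malformed, forged or expired."""
    if not cookie or cookie.count(".") != 2:
        return None
    payload, _, tag = cookie.rpartition(".")
    # Verify integrity first, in constant time, before trusting any field.
    if not hmac.compare_digest(tag.encode(), _mac(payload).encode()):
        return None
    subject_b64, expires = payload.split(".")
    if int(expires) < (time.time() if now is None else now):
        return None
    padded = subject_b64 + "=" * (-len(subject_b64) % 4)
    return base64.urlsafe_b64decode(padded).decode()

def handle_request(path, cookie, now=None):
    """Content server: serve the page, or bounce to the login server."""
    subject = check_cookie(cookie, now)
    if subject is None:
        # The login server should accept only local paths in 'return',
        # otherwise the bounce becomes an open redirect.
        return 302, f"{LOGIN_URL}?{urlencode({'return': path})}"
    return 200, subject
```

A client whose proxy strips cookies would be redirected on every request, which is the drawback the reply mentions.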