I'm trying to do the same thing, and have got part of the way there. Using FakeBasicAuth I can get to the point where it is not necessary to type a username/password in. However, the system then logs in using a full x509 DN as the username, which isn't at all useful since it's a huge long string and it isn't the same string that the user would use to access the subversion repository.

I've tried using SSLUserName to try and pull out a component from the full DN (for example the CN - Common Name) but this simply DOES NOT WORK. A bit of googling reveals that this was a bug in either apache or mod_ssl in the Apache 2.0 tree, which was apparently fixed. I'm using Apache 2.2 so I wonder whether that branched before the bug was fixed in the 2.0 tree?

If I get this to work then the last part of the jigsaw is to get back to a sensible login name that will match the Unix username users are using for SVN access. I'd planned on making certificates with a UID field giving the username and using that. However, it looks as if that is going to be a whole other can of worms:

http://henning.schmiedehausen.org/wingnut-diaries/archives/category/global-english/internet-stuff/

(See the "When UID is not UID" section)

Anyone else had any luck getting certificate based login to work? Or any pointers as to other approaches to avoid the need to use the Basic auth method for the login?

Adrian

insitu wrote:
> Hi to all,
> I am new to using trac and I would like to use apache SSL
> authentication mechanism to automatically login users based on their
> certificate (kind of poor man's SSO). There exists an option in
> apache2 called FakeBasicAuth which uses user name from the certificate
> and dummy password to identify users: it works with dav_svn but does
> not seem to work in trac.
>
> Does anybody know how to make this work?
>
> thanks,
> --
> OQube < software engineering \ génie logiciel >
> Arnaud Bailly, Dr.
> \web> http://www.oqube.com
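
An added configuration sketch for the setup discussed in this message (not from the thread, and not Trac's or Apache's own sample): the mod_ssl documentation for SSLUserName notes that the directive has no effect when the FakeBasicAuth option is enabled, so this version leaves FakeBasicAuth off and lets SSLUserName supply the certificate CN as the user name. The `/trac` location and all file paths are placeholders.

```apache
# Constructed example; adjust the placeholder paths and location.
<VirtualHost *:443>
    SSLEngine on
    SSLCertificateFile    /path/to/server.crt
    SSLCertificateKeyFile /path/to/server.key

    # Only certificates issued by this CA are accepted as client identities.
    SSLCACertificateFile  /path/to/client-ca.crt

    <Location /trac>
        # Demand a client certificate that chains directly to the CA above.
        SSLVerifyClient require
        SSLVerifyDepth  1

        # Export the SSL_* variables to the application for logging/debugging.
        # Note: no +FakeBasicAuth here. With FakeBasicAuth the user name is
        # the full subject DN and SSLUserName is documented to be ignored.
        SSLOptions +StdEnvVars

        # Set the request's user field (REMOTE_USER) from the subject CN
        # instead of the full DN.
        SSLUserName SSL_CLIENT_S_DN_CN
    </Location>
</VirtualHost>
```

Because the CN becomes the login name, the issuing CA has to guarantee that each CN is unique and matches the intended account name; restricting `SSLCACertificateFile` to that one CA keeps certificates from other issuers from asserting the same name.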
