On Fri, 2006-11-10 at 05:49 -0800, Adrian wrote: > Anyone else had any luck gettin certificate based login to work? Or any > pointers as to other apporaches to avoid the need to use the Basic > auth method for the login?
Hi Adrian, I've got trac set up to use SSL client certificates as the authentication scheme. It turns out that it is not all that hard. Note that I'm using Apache 2.2, and trac as a simple CGI ... The relevant portions of my httpd.conf are: ----------------snip----------------- # Don't use SSLv2, require SSLv3 or TLS. SSLProtocol all -SSLv2 # I'm allowing people without certs to connect with SSL; they wind up # unauthenticated. SSLVerifyClient optional SSLVerifyDepth 2 # username is CN component of client cert subject DN SSLUserName SSL_CLIENT_S_DN_CN SSLOptions +StdEnvVars ----------------snip----------------- ...I also added "SSLRequireSSL" to the trac-related Location and Directory blocks. Hope this helps; if you cannot get it to go, let me know -- I may have left out something important. I haven't thought about this much since I set it up. Also please CC me directly as well as replying to the group, I don't always read the list traffic. Cheers, bn --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Trac Users" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/trac-users?hl=en -~----------~----~----~----~------~----~------~--~---
