Hello,
there has been an increasing number of requests concerning a certificate
based authentication / authorization for the Apache httpd in the past few
weeks.
As you might remember, I started a discussion around that topic in July
2008.
Because of the somewhat missing interest on the mailing list at that time I
haven't persued this issue any longer.
This has changed lately. Therefore I decided to spend some hours on
finishing a
new authentication module called mod_auth_certificate
Please feel free to download it at*
https://sourceforge.net/projects/modauthcertific/
*You will also find some kind of short documentation in the archive.
*Features:*
- Works with Apache 2.0 / 2.2 / 2.3-trunk
- Apache sources won't have to be patched
- Supports fallback to basic authentication in case of cert auth failure
- Should work with all authorization modules coming with Apache (though I
wasn't able to check all of them).
- Easy to install without recompiling Apache
- Extremely easy to configure
My intention in this announcement is to arouse increased interest in
that topic by
providing something usable to the list. I still believe that better
native support for
client certificate based authentication and authorization will in future
offer
improved chances to the Apache webserver. I can think of smartcards
being an
increasingly used SSO alternative to NTLM especially in heterogeneous
environments.
I would appreciate it if you could take a look at the module and leave your
comments here.
Please note that this program is open source software and was released
under the
GPL.
Also my employer has nothing to do with the release of this work. It has
become
my private pleasure now :-)
Thanks and Greetings,
Johannes Müller
