Graham Leggett wrote:
Udo Rader wrote:

Maybe a more concrete sample can help clarify what I am talking about,
here's my approximate setup:

<Location /fooBar>
  SSLVerifyClient require
  SSLRequireSSL

  SSLOptions +FakeBasicAuth
  AuthName "Snake Oil Authentication"
  AuthType Basic
  AuthBasicProvider ldap
  AuthLDAPRemoteUserAttribute uid

  AuthLDAPURL ldap://127.0.0.1/dc=example,dc=com?subjectDN?one
  require valid-user
</Location>

Right, so you're trying to authenticate twice, first using certs, then
using LDAP, and you're not trying to authorise at all ("require
valid-user").

Well, I am not trying to authorize *yet* :-)

That it doesn't do (yet), but shouldn't be hard to implement. mod_ssl
needs to signal that the user has been successfully authenticated using
a cert, and mod_authnz_ldap needs to respond to the signal that the user
has been successfully authenticated using a cert, and skip the password
check if so.

Ok, so the situation has not changed in the meantime (as I had hoped :-)

I will try my luck tweaking the sources then and be back.

--
Udo Rader, CTO
http://www.bestsolution.at
http://riaschissl.blogspot.com
