Am 09.09.2010 01:00, schrieb Nick Kew:
Someone asked on IRC today about seemlessly mixing SSL Client
authentication (FakeBasicAuth) with normal basic authn.
As I understood it, users without a client cert should authenticate,
but those with one would be spared the authn dialogue.
A quick look at mod_ssl reveals that FakeBasicAuth sets r->user
in an Access hook, so it's set before authn. So what the user
asks is trivial: all it needs is an authn provider that accepts
any request in which r->user is set. I've just hacked up the
smallest-ever(?) module (attached) to do that.
This could also give users flexibility to mix-and-match basic
auth with other schemes in mod_rewrite style. Or no doubt
shoot themselves in the foot.
Thoughts?
isnt this already something similar?
http://sourceforge.net/projects/modauthcertific/
Gün.
