On Thu, 09 Sep 2010 16:51:00 +0200 Guenter Knauf <fua...@apache.org> wrote:
> Am 09.09.2010 01:00, schrieb Nick Kew: > > Someone asked on IRC today about seemlessly mixing SSL Client > > authentication (FakeBasicAuth) with normal basic authn. > > As I understood it, users without a client cert should authenticate, > > but those with one would be spared the authn dialogue. > > > > A quick look at mod_ssl reveals that FakeBasicAuth sets r->user > > in an Access hook, so it's set before authn. So what the user > > asks is trivial: all it needs is an authn provider that accepts > > any request in which r->user is set. I've just hacked up the > > smallest-ever(?) module (attached) to do that. > > > > This could also give users flexibility to mix-and-match basic > > auth with other schemes in mod_rewrite style. Or no doubt > > shoot themselves in the foot. > > > > Thoughts? > isnt this already something similar? > http://sourceforge.net/projects/modauthcertific/ Looking at that, I see it implements its own protocol and hooks, including changing r->ap_auth_type on-the-fly. I could be wrong, but it doesn't look like something that'll integrate well with mod_auth_basic and authn providers. -- Nick Kew
