> In particular, the authn_provider struct doesn't seem well-suited to > non-password-based authentication mechanisms. Should I avoid that part > of the framework altogether, not call ap_register_auth_provider at all, > and just manually set r->user via ap_hook_check_authn(), or should I be > thinking about this a different way? >
That is the conclusion I came to for a similar mod. I use an alternate proprietary SSL module and do not like fakebasic or SSLUsername: https://github.com/covener/apache-modules/blob/master/mod_authn_cert.c This relies on ssl_var_lookup via the expression parser. Hopefully mod_gnutls implements these ssl optional functions.
