I'm trying to write an Apache authentication module that uses client certificates for authentication. Basically, all I'm trying to do is use what mod_ssl does for cert verification, and then set REMOTE_USER. I wrote to the list last week about a segfault, which was resolved thanks to the help you guys gave me. Now I am stuck with a problem that is likely a logic error on my part, but I have a feeling that my problem stems from a misunderstanding of how Apache is supposed to work. Since my module is very short, I'll include it in this email, along with the relevant contents of my error_log, in the hopes that someone might be able to point me in the right direction. Thanks!

-------my module, AuthNx509.pm------------
package Apache::AuthNx509;

use strict;
use Apache::Constants qw(:common);
use Text::ParseWords qw(quotewords);
use Apache::Log ();

sub handler {
    my $r = shift;
    my $c = $r->connection;
    my $log = $r->log;

    my $certcomponent = $r->dir_config('CertComponent') || 'SSL_CLIENT_S_DN_O';
    my $certcompvalue = $r->dir_config('CertComponentValue') || 'University of Wisconsin';
    my $usercomponent = $r->dir_config('RemoteUserCertComponent') || 'SSL_CLIENT_S_DN_CN';
    my $uri = $r->uri;

    return unless $r->is_main();

    my $subr = $r->lookup_uri($uri);
    my $apachecertcomp = $subr->subprocess_env($certcomponent);
    $log->notice("hello: $apachecertcomp");
    if ($apachecertcomp eq $certcompvalue) {
        $log->notice("$certcompvalue good");
        $c->user = $r->subprocess_env->{$usercomponent};
        $log->notice("$c->user logged in successfully");
        return OK;
    }
    $log->notice("cert no good: $r->subprocess_env->{$certcomponent}");
    my $reason = "Client Cert not in correct form";
    $r->note_basic_auth_failure;
    $r->log_reason($reason, $r->filename);
    return DECLINED;
}

1;
__END__
------------------------------

error log data:

[Thu Jun 5 14:57:11 2003] [notice] [client 128.104.16.134] hello:
[Thu Jun 5 14:57:11 2003] [notice] [client 128.104.16.134] cert no good: Apache=SCALAR(0x8100308)->subprocess_env->{SSL_CLIENT_S_DN_C}
[Thu Jun 5 14:57:11 2003] [error] access to /var/www/html/test failed for 128.104.16.134, reason: Client Cert not in correct form
[Thu Jun 5 14:57:13 2003] [notice] [client 128.104.16.134] hello:
[Thu Jun 5 14:57:13 2003] [notice] [client 128.104.16.134] cert no good: Apache=SCALAR(0x8100308)->subprocess_env->{SSL_CLIENT_S_DN_C}
[Thu Jun 5 14:57:13 2003] [error] access to /var/www/html/test failed for 128.104.16.134, reason: Client Cert not in correct form
[Thu Jun 5 14:57:13 2003] [crit] [client 128.104.16.134] configuration error: couldn't check user. No user file?: /test/

configuration data (in a <Directory> statement):

SSLVerifyClient require
SSLVerifyDepth 10
SSLOptions +StrictRequire
SSLRequire %{SSL_CIPHER_USEKEYSIZE} >= 128
# Force clients to use HTTPS
RewriteEngine on
RewriteCond %{HTTPS} !=on
RewriteRule .* - [F]
AuthName Test
AuthType Basic
PerlAuthenHandler Apache::AuthNx509
PerlSetVar CertComponent SSL_CLIENT_S_DN_C
PerlSetVar CertComponentValue US
PerlSetVar RemoteUserCertComponent SSL_CLIENT_S_DN_CN
require valid-user

Any ideas would be most appreciated. Thanks again!

--Ryan
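
The following is an added example, not code from the original post or from mod_ssl/mod_perl. It runs without Apache, using a hypothetical MockRequest class and a hypothetical check_cert helper in place of the real request object, to show the certificate-field comparison failing closed when the variable is unset, and why the error log above prints "Apache=SCALAR(0x...)->subprocess_env->{...}". All sample values are constructed.

```perl
use strict;
use warnings;

# MockRequest is a hypothetical stand-in that only imitates subprocess_env().
package MockRequest;
sub new { my ($class, %env) = @_; return bless { env => { %env } }, $class }
# With a name, return that variable; with no arguments, return the table.
sub subprocess_env {
    my ($self, $name) = @_;
    return defined $name ? $self->{env}{$name} : $self->{env};
}

package main;

# Compare one certificate field and build the log line by concatenation.
# Returns (matched, user, log_message).
sub check_cert {
    my ($r, $component, $expected, $usercomponent) = @_;
    my $actual = $r->subprocess_env($component);
    # An unset or empty variable must be rejected, never compared as ''.
    return (0, undef, "cert no good: $component is not set")
        unless defined $actual && length $actual;
    return (0, undef, "cert no good: $component=" . $actual)
        unless $actual eq $expected;
    my $user = $r->subprocess_env($usercomponent);
    return (0, undef, "cert no good: $usercomponent is not set")
        unless defined $user && length $user;
    return (1, $user, "$user logged in successfully");
}

# Constructed sample values, not taken from a real certificate.
my $with_cert = MockRequest->new(
    SSL_CLIENT_S_DN_C  => 'US',
    SSL_CLIENT_S_DN_CN => 'Example User',
);
my $no_vars = MockRequest->new();    # SSL variables not populated

for my $r ($with_cert, $no_vars) {
    my ($ok, $user, $msg) = check_cert($r, 'SSL_CLIENT_S_DN_C', 'US', 'SSL_CLIENT_S_DN_CN');
    print(($ok ? "OK" : "FAIL") . ": $msg\n");
}

# Inside double quotes Perl interpolates only the variable $with_cert, not
# the method call after it, so the first line prints the object's address
# followed by the literal text "->subprocess_env->{SSL_CLIENT_S_DN_C}".
my $c = 'SSL_CLIENT_S_DN_C';
print "interpolated: $with_cert->subprocess_env->{$c}\n";
print "concatenated: " . $with_cert->subprocess_env->{$c} . "\n";
```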