Over the past few weeks, I've set up a SSL server using ModSSL and a Thawte
server certificate. Things are working perfectly. My next step is to make
client authentication work properly.
What I'm wondering is if anybody else has done this before in a trustworthy
manner. ModSSL doesn't appear to support this as well as Stronghold does.
The FakeBasicAuth doesn't look like it will let me assign access based on
any fields in a client cert other than the Subject. This isn't enough for me.
Are there any known ways around this? I'd like to avoid having to mess with
the internals of Apache or ModSSL to acomplish this. I thought about having
a CGI script that read in the environment variables from ModSSL, and then
granted access based on that, but I haven't seen an easy, clean way to
allow a CGI script to grant access to webpages, other than having the CGI
effectively 'cat filename' if access is allowed.
Thanks in advance for any time spent answering this message. If I come across
any solutions on my own, I'll definately send them along to this list.
Chris Yokum
[EMAIL PROTECTED]
______________________________________________________________________
Apache Interface to SSLeay (mod_ssl) www.engelschall.com/sw/mod_ssl/
Official Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
