On Tue, Oct 20, 1998, Chris Yokum wrote:
> Over the past few weeks, I've set up a SSL server using ModSSL and a Thawte
> server certificate. Things are working perfectly. My next step is to make
> client authentication work properly.
>
> What I'm wondering is if anybody else has done this before in a trustworthy
> manner. ModSSL doesn't appear to support this as well as Stronghold does.
> The FakeBasicAuth doesn't look like it will let me assign access based on
> any fields in a client cert other than the Subject. This isn't enough for me.
You're speaking about Strongholds SSL_Require directive, right? This is
already re-implemented as SSLRequire in mod_ssl 2.1b with 95% the same
functionality and Perl syntax. Grab mod_ssl 2.1b7 if you want to test it.
> Are there any known ways around this? I'd like to avoid having to mess with
> the internals of Apache or ModSSL to acomplish this. I thought about having
> a CGI script that read in the environment variables from ModSSL, and then
> granted access based on that, but I haven't seen an easy, clean way to
> allow a CGI script to grant access to webpages, other than having the CGI
> effectively 'cat filename' if access is allowed.
>
> Thanks in advance for any time spent answering this message. If I come across
> any solutions on my own, I'll definately send them along to this list.
No, don't roll your own solution. SSLRequire should be sufficient for what you
want to do. So please try it out and give us feedback. Perhaps we have to
adjust its functionality a little bit, etc.
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
______________________________________________________________________
Apache Interface to SSLeay (mod_ssl) www.engelschall.com/sw/mod_ssl/
Official Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
