SERVER: Apache 1.3.27 + mod_ssl/2.8.12
My problem:
I want to authenticate clients of my domain based on certificates
and obtain my users' usernames. I try using the two methods mentioned
in http://www.modssl.org/docs/2.8/ssl_howto.html#ToC9
but they don't seem to be completely equivalent.
Specifically, when I try without SSLRequire and load an authentication
module such as mod_auth_ldap or mod_auth_mysql (in order to offer
an alternate authentication schema - Satisfy any), in the browser,
a dialog window appears asking for Username/Password just after the
window for choosing the certificate.
This window (asking for username/password) does not appear
1. when I use SSLRequire directive and load other modules (but REMOTE_USER
variable is empty) and
2. when I use AuthUserFile directive and don't load the modules (but
I can't offer alternate authentication)
Apache configuration
------------------------
#LoadModule ldap_auth_module libexec/mod_auth_ldap.so
SSLCACertificatePath /etc/apache/conf/ssl.crt
SSLCACertificateFile /etc/apache/conf/ssl.crt/ca-bundle.crt
SSLVerifyClient 0
<Directory "/apache/secure/area">
AllowOverride None
Options None
Order deny,allow
Deny from all
Allow from localnetwork
SSLVerifyClient require
SSLVerifyDepth 2
SSLOptions +FakeBasicAuth +StdEnvVars
SSLRequireSSL
#SSLRequire %{SSL_CLIENT_S_DN_O} eq "My Organization" and \
#           %{SSL_CLIENT_S_DN_OU} eq "My Departement"
AuthName "Certificate Authentication"
AuthType Basic
AuthUserFile /path/to/httpd.passwd
require valid-user
#Satisfy any
#AuthType Basic
#AuthName "LDAP Authentication"
#LDAP_Server MyLdapServer
#LDAP_Port 389
#Base_DN "o=MyOrganization,c=GR"
#UID_Attr uid
#require valid-user
</Directory>
thanks in advance
-sophia