Bug#310650: Acknowledgement (apache2-mpm-prefork: SSLUserName directive does not change REMOTE_USER)
To confirm, I tested a simple perl cgi script on my girlfriend's debian machine with a similar cert setup. The perl script just printed all of the environment variables; she was running apache2-common: Installed: 2.0.52-3 and the associated server binaries. We would get: REMOTE_USER = Erica H Peterson REQUEST_URI = /cgi-bin/test.pl SERVER_SIGNATURE = Apache/2.0.52 (Debian GNU/Linux) DAV/2 SVN/1.1.4 mod_ssl/2.0.52 OpenSSL/0.9.7e Server at gcwiki.mit.edu Port 443 from the script; an apt-get update/upgrade later, we had: REMOTE_USER = /C=US/ST=Massachusetts/O=Massachusetts Institute of Technology/OU=Client CA v1/CN=Erica H Peterson/[EMAIL PROTECTED] REQUEST_URI = /cgi-bin/test.pl SERVER_SIGNATURE = Apache/2.0.54 (Debian GNU/Linux) DAV/2 SVN/1.1.4 mod_ssl/2.0.54 OpenSSL/0.9.7e Server at gcwiki.mit.edu Port 443 so this time I'm 100% sure I didn't change anything in the config files between updates :) ...Eric -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
refill your prescription online
refill your prescription online http://pxequp.9ockdarkojrhdar.pictilpict4.com -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Bug#310650: apache2-mpm-prefork: SSLUserName directive does not change REMOTE_USER
Package: apache2-mpm-prefork Version: 2.0.54-4 Severity: important Up until yesterday I was using the configuration setting: SSLRequireSSL SSLVerifyClient require SSLVerifyDepth 5 SSLOptions +FakeBasicAuth SSLUserName SSL_CLIENT_S_DN_Email AuthName "Soma Authentication" AuthType Basic AuthUserFile /soma/projects/soma/httpd.password require valid-user and Apache would rewrite the REMOTE_USER environment variable to be the e-mail address included in the client cert. According to the apache docs, this is the expected behavior. However, after an apt-get upgrade, this behavior no longer works, and instead REMOTE_USER is always the full DN of the cert. I have tested this with both a cgi perl script and two different test scripts under mod_python, so it appears to not be confined to either of those. Our entire authentication system was based on first validating certs against the httpd.password file using fakebasic auth and then passing on the E-mail address to our code as a unique ID for the user. Has anyone else had this problem? I've also tried with other cert fields (such as CN) to no avail. Thanks! ...Eric -- System Information: Debian Release: 3.1 Architecture: i386 (i686) Kernel: Linux 2.6.11.3-modulation-acpi Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968) -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Italian Rolex order Blair
REPLICASONLINE - WE NEVER COMPROMISE ON QUALITY Rolex replica is our speciality We guarantee lowest prices and highest quality We are the Direct manufacturers. For top quality rolex watchs pleas visit: http://www.ultimatetimepiece4u.net cosy xa slung vxq [2 -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Extra power. Don't think. Just act.
36 hours: for all your needs :) http://maintenances.healthsolutins.info/?steamyxtvuywiltingzctquadrupled Little magic. Perfect weekends. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Buyer beware - Penis patches!^
Buyer beware - Penis patches! http://www.terima.net/ss/ Experience more powerful orgasms -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Bring on the best software...at the most reasonable prices! k
Isn't OEM software great at our online store? http://rensselaer.cateelcate3.com/?ve141Mv0AzCUN_vcomatose Create exciting interactive websites for just pennies: Macromedia Dreamweaver MX 2004 AND Flash MX 2004 only $100.00 for both http://rensselaer.cateelcate3.com/?ve141Mv0AzCUN_vcomatose dont want http://seduction.untowncjaad.com/eastwood?AjCF6R45F8HtmA4carthage -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
