Re: Client authentication and authorization using client certificates
Johannes,

great news, mod_auth_certificate works!

I reckon you need => httpd-2.2.14 in order to use the UID. See BUG https://issues.apache.org/bugzilla/show_bug.cgi?id=45107

Initially I decided to wait for Fedora 13 with httpd-2.2.14 where they say the above BUG is fixed in HTTPD. In the end I tested with an unofficial version of httpd-2.2.14 on Fedora 12.

Good work,
Dave

Johannes Müller wrote:
> Eric Covener wrote:
>> On Tue, Jun 16, 2009 at 5:40 PM, Johannes Müller wrote:
>>> Yes should be no problem. Relicensing means I'll also have to remove
>>> the current version and SVN revisions so there is no problem if someone
>>> already downloaded the GPLed release?
>>
>> IANAL: I don't see why, they're free to use it under those terms, and
>> you're free to change the terms of any subsequent release (or prior
>> release to other parties!)
>
> Released version 0.2 of mod_auth_certificate under Apache License 2.0
> Download at https://sourceforge.net/projects/modauthcertific/
>
> Any comments?
>
> Greetings,
> Johannes
Re: Client authentication and authorization using client certificates
Eric Covener wrote:
> On Tue, Jun 16, 2009 at 5:40 PM, Johannes Müller wrote:
>> Yes should be no problem. Relicensing means I'll also have to remove
>> the current version and SVN revisions so there is no problem if someone
>> already downloaded the GPLed release?
>
> IANAL: I don't see why, they're free to use it under those terms, and
> you're free to change the terms of any subsequent release (or prior
> release to other parties!)

Released version 0.2 of mod_auth_certificate under Apache License 2.0
Download at https://sourceforge.net/projects/modauthcertific/

Any comments?

Greetings,
Johannes
Re: Client authentication and authorization using client certificates
On Tue, Jun 16, 2009 at 5:40 PM, Johannes Müller wrote:
> Yes should be no problem. Relicensing means I'll also have to remove
> the current version and SVN revisions so there is no problem if someone
> already downloaded the GPLed release?

IANAL: I don't see why, they're free to use it under those terms, and you're free to change the terms of any subsequent release (or prior release to other parties!)

--
Eric Covener
cove...@gmail.com
Re: Client authentication and authorization using client certificates
Ruediger Pluem wrote:
> On 06/16/2009 11:24 PM, Johannes Müller wrote:
>> Eric Covener wrote:
>>> On Tue, Jun 16, 2009 at 12:36 PM, Johannes Müller wrote:
>>>> Hello,
>>>> Please note that this program is open source software and was
>>>> released under the GPL.
>>>
>>> Regarding the license: That's going to prevent some interested
>>> parties from clicking through, much less contributing to it.
>>
>> Better one would be Apache License 2.0 right?
>
> Correct. So relicensing it to Apache License 2.0 brings you in a better
> position here. AFAIU you are the only author and contributor to this
> module so far. So this should be easy.
>
> Regards
>
> Rüdiger

Yes should be no problem. Relicensing means I'll also have to remove the current version and SVN revisions so there is no problem if someone already downloaded the GPLed release?

Greetings
Johannes
Re: Client authentication and authorization using client certificates
On 06/16/2009 11:24 PM, Johannes Müller wrote:
> Eric Covener wrote:
>> On Tue, Jun 16, 2009 at 12:36 PM, Johannes Müller wrote:
>>> Hello,
>>> Please note that this program is open source software and was
>>> released under the GPL.
>>
>> Regarding the license: That's going to prevent some interested
>> parties from clicking through, much less contributing to it.
>
> Better one would be Apache License 2.0 right?

Correct. So relicensing it to Apache License 2.0 brings you in a better position here. AFAIU you are the only author and contributor to this module so far. So this should be easy.

Regards

Rüdiger
Re: Client authentication and authorization using client certificates
On Tue, Jun 16, 2009 at 5:24 PM, Johannes Müller wrote:
> Eric Covener wrote:
>> On Tue, Jun 16, 2009 at 12:36 PM, Johannes Müller wrote:
>>> Hello,
>>> Please note that this program is open source software and was released
>>> under the GPL.
>>
>> Regarding the license: That's going to prevent some interested
>> parties from clicking through, much less contributing to it.
>
> Better one would be Apache License 2.0 right?
> I'm not too deep into license issues...

That would remove the barrier and match the in-tree modules (if there's no strong preference for another license, and the code is yours to relicense)

--
Eric Covener
cove...@gmail.com
Re: Client authentication and authorization using client certificates
Eric Covener wrote:
> On Tue, Jun 16, 2009 at 12:36 PM, Johannes Müller wrote:
>> Hello,
>> Please note that this program is open source software and was released
>> under the GPL.
>
> Regarding the license: That's going to prevent some interested
> parties from clicking through, much less contributing to it.

Better one would be Apache License 2.0 right?
I'm not too deep into license issues...
Re: Client authentication and authorization using client certificates
On Tue, Jun 16, 2009 at 12:36 PM, Johannes Müller wrote:
> Hello,
> Please note that this program is open source software and was released under
> the GPL.

Regarding the license: That's going to prevent some interested parties from clicking through, much less contributing to it.

--
Eric Covener
cove...@gmail.com
Client authentication and authorization using client certificates
Hello,

there has been an increasing number of requests concerning a certificate based authentication / authorization for the Apache httpd in the past few weeks. As you might remember, I started a discussion around that topic in July 2008. Because of the somewhat missing interest on the mailing list at that time I haven't pursued this issue any longer. This has changed lately. Therefore I decided to spend some hours on finishing a new authentication module called mod_auth_certificate

Please feel free to download it at
https://sourceforge.net/projects/modauthcertific/
You will also find some kind of short documentation in the archive.

*Features:*
- Works with Apache 2.0 / 2.2 / 2.3-trunk
- Apache sources won't have to be patched
- Supports fallback to basic authentication in case of cert auth failure
- Should work with all authorization modules coming with Apache (though I wasn't able to check all of them).
- Easy to install without recompiling Apache
- Extremely easy to configure

My intention in this announcement is to arouse increased interest in that topic by providing something usable to the list. I still believe that better native support for client certificate based authentication and authorization will in future offer improved chances to the Apache webserver. I can think of smartcards being an increasingly used SSO alternative to NTLM especially in heterogeneous environments.

I would appreciate it if you could take a look at the module and leave your comments here.

Please note that this program is open source software and was released under the GPL. Also my employer has nothing to do with the release of this work. It has become my private pleasure now :-)

Thanks and Greetings,
Johannes Müller