Loading & processing server certificates, keys, trust chains, and CRLs
Request time doesn't make sense to me, unless it's implemented as a
"one-time cost" for the first use of a dynamic virtual host. Are these
virtual hosts truly dynamic? It seems that there would have to be some
a priori knowled
How about putting out a call for volunteer community maintainers and let
them take over the project. Make it clear on the home page and bug
submission pages & e-mails that ASF is leaving Bugzilla and other fora as
a courtesy to the 1.3 user community. Any concerns should be sent to the
volunteer ma
This is an alternate path that I considered in my AuthType Cert work. I didn't
choose it, because it was actually meaningful in my situation to declare a user
with an otherwise valid certificate "unauthenticated" if no matching LDAP
record could be found.
I agree with Eric that "AUTHENTICATE_"
2010 1:39 PM
> To: modules-...@httpd.apache.org
> Subject: Re: Seeking suggestions on changes to
> mod_authnz_ldap [and possibly mod_ldap] supporting X.509/LDAP
> A&A [AuthType Certificate]
>
> On Wed, Apr 21, 2010 at 12:49 PM, Thomas, Peter
> wrote:
> > When the u
When the user's certificate subject is also the DN of the LDAP object,
one can optimize search and compare operations by doing a
LDAP_SCOPE_BASE search for the object based on the subject DN. I was
able to substitute a search for the exact LDAP object in the
authentication code. For authorization
> [...] There's an old thread on this same
> subject, and a module, that you can find at
> https://sourceforge.net/projects/modauthcertific/
That's one of the prior examples I looked at in coming up with this
approach. IIRC, it depended on a rigidly defined LDAP schema.
Dictating the schema is
As promised in my note last week, I've created an updated patch attached
to my suggested feature in
https://issues.apache.org/bugzilla/show_bug.cgi?id=48780 .
This patch works in my integration environment, tested with all Require
ldap-* directives.
Notes:
1) When using certificates we can oft
All:
I just completed an end-to-end test demonstrating authentication and
simple ["Require valid-user"] authorization mapping an X.509 certificate
to an LDAP entry using my new "mod_auth_cert" module. The module
implements "AuthType Certificate." I believe the Require ldap-*
directives will work
I added my new proposed module to modules/aaaconfig.m4, but that only
got the module built--not installed--even when --enable-auth-cert is
included in my configure options. I need to re-run buildconf, and I'm
getting a bunch of warnings such as:
autoheader: WARNING: Using auxiliary files such as
> -Original Message-
> From: William A. Rowe Jr. [mailto:wr...@rowe-clan.net]
> Sent: Friday, March 05, 2010 5:59 PM
> To: dev@httpd.apache.org
> Subject: Re: Fighting with build process 2.2.x on Sparc Solaris 10
> What if -lm is placed after libapr[util]? Not sure what is
> going on, b
> -Original Message-
> From: Ben Noordhuis [mailto:i...@bnoordhuis.nl]
> Sent: Tuesday, March 09, 2010 1:34 PM
> To: modules-...@httpd.apache.org
> Subject: Re: DSO question
>
> > What I need is to tell to APR, hey APR please find the
> function "f10"
> > in all loaded libraries, then e
Getting further [in addition to pulling down the obvious additional
dependency, libnet]:
1) check out the last released version of apr and apr-util [v1.3.9]
2) configure, build, and install apr
3) configure, build, and install apr-util [ran into a subtle problem
where installing apr-util writes ba
In order to test my certificate authentication provider code, I need to
be able to build with LDAP & SSL support. I've tried pulling
.../branches/2.2.x and .../tags/2.2.14 and working from buildconf up to
a working Makefile to no avail.
I've installed every dependency I can find, added every appr
-Pete
> _
> From: Thomas, Peter
> Sent: Wednesday, March 03, 2010 4:20 PM
> To: 'modules-...@httpd.apache.org'
> Subject: X.509 certificate against LDAP authentication
>
> Looking at some of the prior work in this ar
The trick with any such thing is in protecting yourself from attack.
Consider...you could fork, let the parent continue on its business, disown
the child, and do your work there. Easy in terms of lines of code, but
expensive (forks) and potentially hazardous.
You could create a thread pool to do t
s the user.]
--Pete
-Original Message-
From: Eric Covener [mailto:cove...@gmail.com]
Sent: Monday, February 22, 2010 12:23 PM
To: dev@httpd.apache.org
Subject: Re: [PATCH 48780] Input and improvements requested for suggested
enhancement 48780
On Mon, Feb 22, 2010 at 12:15 PM, Thomas, Peter wrote:
08 PM
To: dev@httpd.apache.org
Subject: Re: [PATCH 48780] Input and improvements requested for suggested
enhancement 48780
On Mon, Feb 22, 2010 at 11:46 AM, Thomas, Peter wrote:
> [ c.f. https://issues.apache.org/bugzilla/show_bug.cgi?id=48780 ]
>
> Eric Covener has commented, and I repl
[ c.f. https://issues.apache.org/bugzilla/show_bug.cgi?id=48780 ]
Eric Covener has commented, and I replied, to my suggested enhancement
for mod_auth_ldap. In this case, I am attempting to use LDAP for
authorization, accepting authentication from another provider--this
would most typically be mod