Hi,

I am new to Apache and need help with SSL authentication. I have compiled apache2 on Mac OS X. Configured it with basic authentication and that worked fine. I enabled SSL and that worked fine. Then I generated certificates for the server and clients, installed certificates in clients' browsers and that worked OK too.

Then I tried to combine certificate authentication with basic authentication and that is where I ran into a problem. I am not sure if that is possible to do. When I do that I get the normal prompt from the server to accept the certificate, then the user name and password prompt. I type the user name and password, but then it comes again and again and prompts me for the user name and password over and over again.

When I do not use a client certificate, then typing the user name and password works fine. Here is the section in httpd-ssl.conf where I am experimenting:

<Directory "/usr/local/apache2/htdocs">
   Options Indexes FollowSymLinks MultiViews
   SSLVerifyClient require
   SSLVerifyDepth  1
   SSLCACertificatePath "conf/certs"
   SSLCACertificateFile "conf/certs/cwsca.crt"

   AuthType Basic
   AuthName "CoreWafer"
   AuthUserFile /usr/local/apache2/conf/passwd/passwords
   AuthGroupFile /usr/local/apache2/conf/passwd/groups
   Require group CoreWafer

   Order allow,deny
   Allow from all
</Directory>

If I disable:

   SSLVerifyClient require
   SSLVerifyDepth  1
   SSLCACertificatePath "conf/certs"
   SSLCACertificateFile "conf/certs/cwsca.crt"

then prompting for user name and password works fine. If I disable:

   AuthType Basic
   AuthName "CoreWafer"
   AuthUserFile /usr/local/apache2/conf/passwd/passwords
   AuthGroupFile /usr/local/apache2/conf/passwd/groups
   Require group CoreWafer

then using the client certificate works fine. It is when I try to use both, that is the client certificate and the password, that I get into trouble.

I came across kx509 Web Authentication at:

http://www.dice.inf.ed.ac.uk/groups/services/web/docs/kx509.html

that appears to be doing exactly what I wanted, which is, first use the client certificate to open the SSL channel and then prompt for user name and password. However, they are using the module mod_auth_ssl.c, which I was not able to track down anywhere on the Internet. Also, it appears that that module may be for Apache 1.3 and not for Apache 2.

Any ideas/comments on whether this can be done, and how?

Thank you very much,
Shakti





---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.