[mod_auth] [patch] allow SSL clientcert authenticated users to bypass AUTH
In my setup a user can authenticate either via SSL client cert OR via AUTH.
It is redundant to ask a user that is already authenticated with an SSL clientcertificate to type again a password.
So I have added a configvariable whitelistclientcerts. If enabled, mod_auth only proceeds authentication if the user did not provide a valid certificate.
ssl.engine = "enable" ssl.pemfile = "/etc/server.pem" ssl.verifyclient.activate = "enable" ssl.verifyclient.enforce = "disable" ssl.ca-file = "/etc/rootcert.pem" auth.backend = "htpasswd" auth.backend.htpasswd.userfile = "/etc/htpasswd" auth.debug = 2 auth.whitelistclientcert = "enable" auth.require = ( "/" => ( "method" => "basic", "realm" => "foobar", "require" => "user=admin" )
[mod_auth] enable optional authz if extern authn (fixes #2481)
Set auth.extern-authn = "enable" to check REMOTE_USER (if set) against
require rules, and proceed if allowed. If REMOTE_USER is not present,
or the require rules do not match, then check configured auth scheme.
REMOTE_USER might be set by another module, e.g. mod_openssl client cert
verification and REMOTE_USER configured with ssl.verifyclient.username)
"[mod_auth] allow SSL clientcert authenticated users to bypass AUTH"
Also available in: Atom