Feature #2481

closed

[mod_auth] [patch] allow SSL clientcert authenticated users to bypass AUTH

Added by arved almost 12 years ago. Updated almost 8 years ago.

Status: Fixed
Priority: Normal
Category: mod_auth
Target version:

Description

In my setup a user can authenticate either via SSL client cert OR via AUTH.

It is redundant to ask a user who is already authenticated with an SSL client certificate to type a password again.

So I have added a config variable whitelistclientcerts. If enabled, mod_auth only proceeds with authentication if the user did not provide a valid certificate.

Sample config:

ssl.engine = "enable"
ssl.pemfile = "/etc/server.pem"
# request a client certificate, but do not require one
ssl.verifyclient.activate = "enable"
ssl.verifyclient.enforce = "disable"
ssl.ca-file = "/etc/rootcert.pem"
auth.backend = "htpasswd"
auth.backend.htpasswd.userfile = "/etc/htpasswd"
auth.debug = 2
# option added by the attached patch
auth.whitelistclientcert = "enable"
auth.require = ( "/" => (
                "method" => "basic",
                "realm" => "foobar",
                "require" => "user=admin"
        )
)


Files

patch-whitelistclientcert (2.01 KB) arved, 2013-03-11 17:54
patch-whitelistclientcert (2.03 KB) Improved version, arved, 2013-04-15 17:49
Actions #1

Updated by arved over 11 years ago

Improved version that does not call openssl functions if there is no SSL connection.

Actions #2

Updated by stbuehler over 11 years ago

I'd rather use something that checks whether con->authed_user (REMOTE_USER env) is already set; I think that should qualify for "user is (already) authenticated".
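
An added example, not part of this issue thread or lighttpd's source: a small C model contrasting the whitelist behaviour from the description with the authed_user check suggested in comment #2, for a client whose valid certificate names a user other than the one in "require". The struct, the function names, and the assumption that the require rule is still evaluated against authed_user are hypothetical.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Simplified request model (hypothetical; not lighttpd's connection struct). */
struct request {
    bool        cert_verified;  /* TLS client cert chained to ssl.ca-file */
    const char *authed_user;    /* name an earlier step put in REMOTE_USER, or NULL */
    const char *password_user;  /* user proven via the htpasswd backend, or NULL */
};

enum decision { ALLOW, DENY, CHALLENGE };

/* Models "require" => "user=<name>". */
static bool require_user(const char *required, const char *actual) {
    return actual != NULL && strcmp(required, actual) == 0;
}

/* Description's behaviour: a valid cert means mod_auth does not proceed at all. */
enum decision policy_whitelist_cert(const struct request *r, const char *required) {
    if (r->cert_verified) return ALLOW;          /* require rule never consulted */
    if (r->password_user == NULL) return CHALLENGE;
    return require_user(required, r->password_user) ? ALLOW : DENY;
}

/* Comment #2's idea, with the added assumption that the require rule
 * is still checked against the already-authenticated name. */
enum decision policy_authed_user(const struct request *r, const char *required) {
    const char *user = r->authed_user ? r->authed_user : r->password_user;
    if (user == NULL) return CHALLENGE;
    return require_user(required, user) ? ALLOW : DENY;
}

int main(void) {
    /* Constructed sample: valid cert issued to "bob", resource requires "admin". */
    struct request bob = { true, "bob", NULL };
    static const char *names[] = { "ALLOW", "DENY", "CHALLENGE" };
    printf("whitelist:   %s\n", names[policy_whitelist_cert(&bob, "admin")]);
    printf("authed_user: %s\n", names[policy_authed_user(&bob, "admin")]);
    return 0;
}
```

With the whitelist, any certificate issued by the configured CA satisfies a rule written for one named user, so the CA's issuance policy becomes the effective access control for that path.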

Actions #3

Updated by gstrauss about 8 years ago

  • Status changed from New to Patch Pending
  • Target version set to 1.4.45
Actions #4

Updated by gstrauss almost 8 years ago

  • Target version changed from 1.4.45 to 1.4.46
Actions #5

Updated by gstrauss almost 8 years ago

  • Status changed from Patch Pending to Fixed
  • % Done changed from 0 to 100