Actions
Feature #2481
closed[mod_auth] [patch] allow SSL clientcert authenticated users to bypass AUTH
ASK QUESTIONS IN Forums:
Description
In my setup a user can authenticate either via SSL client cert OR via AUTH.
It is redundant to ask a user that is already authenticated with an SSL clientcertificate to type again a password.
So I have added a configvariable whitelistclientcerts. If enabled, mod_auth only proceeds authentication if the user did not provide a valid certificate.
Sample config:
ssl.engine = "enable" ssl.pemfile = "/etc/server.pem" ssl.verifyclient.activate = "enable" ssl.verifyclient.enforce = "disable" ssl.ca-file = "/etc/rootcert.pem" auth.backend = "htpasswd" auth.backend.htpasswd.userfile = "/etc/htpasswd" auth.debug = 2 auth.whitelistclientcert = "enable" auth.require = ( "/" => ( "method" => "basic", "realm" => "foobar", "require" => "user=admin" )
Files
Updated by arved almost 10 years ago
Improved version that does not call openssl functions if there is no SSL connection.
Updated by stbuehler over 9 years ago
I'd rather use something that checks whether con->authed_user
(REMOTE_USER
env) is already set; I think that should qualify for "user is (already) authenticated".
Updated by gstrauss about 6 years ago
- Status changed from New to Patch Pending
- Target version set to 1.4.45
Updated by gstrauss about 6 years ago
- Target version changed from 1.4.45 to 1.4.46
Updated by gstrauss almost 6 years ago
- Status changed from Patch Pending to Fixed
- % Done changed from 0 to 100
Applied in changeset f54d628cd53fdd8a09ec1e3d448a1f39a5424463.
Actions
Also available in: Atom