Actions
Feature #2481
closed[mod_auth] [patch] allow SSL clientcert authenticated users to bypass AUTH
ASK QUESTIONS IN Forums:
Description
In my setup a user can authenticate either via SSL client cert OR via AUTH.
It is redundant to ask a user that is already authenticated with an SSL clientcertificate to type again a password.
So I have added a configvariable whitelistclientcerts. If enabled, mod_auth only proceeds authentication if the user did not provide a valid certificate.
Sample config:
ssl.engine = "enable"
ssl.pemfile = "/etc/server.pem"
ssl.verifyclient.activate = "enable"
ssl.verifyclient.enforce = "disable"
ssl.ca-file = "/etc/rootcert.pem"
auth.backend = "htpasswd"
auth.backend.htpasswd.userfile = "/etc/htpasswd"
auth.debug = 2
auth.whitelistclientcert = "enable"
auth.require = ( "/" => (
"method" => "basic",
"realm" => "foobar",
"require" => "user=admin"
)
Files
Updated by arved about 10 years ago
Improved version that does not call openssl functions if there is no SSL connection.
Updated by stbuehler almost 10 years ago
I'd rather use something that checks whether con->authed_user (REMOTE_USER env) is already set; I think that should qualify for "user is (already) authenticated".
Updated by gstrauss over 6 years ago
- Status changed from New to Patch Pending
- Target version set to 1.4.45
Updated by gstrauss over 6 years ago
- Target version changed from 1.4.45 to 1.4.46
Updated by gstrauss over 6 years ago
- Status changed from Patch Pending to Fixed
- % Done changed from 0 to 100
Applied in changeset f54d628cd53fdd8a09ec1e3d448a1f39a5424463.
Actions
Also available in: Atom