Feature #2481
closed[mod_auth] [patch] allow SSL clientcert authenticated users to bypass AUTH
ASK QUESTIONS IN Forums:
Description
In my setup a user can authenticate either via SSL client cert OR via AUTH.
It is redundant to ask a user that is already authenticated with an SSL clientcertificate to type again a password.
So I have added a configvariable whitelistclientcerts. If enabled, mod_auth only proceeds authentication if the user did not provide a valid certificate.
Sample config:
ssl.engine = "enable"
ssl.pemfile = "/etc/server.pem"
ssl.verifyclient.activate = "enable"
ssl.verifyclient.enforce = "disable"
ssl.ca-file = "/etc/rootcert.pem"
auth.backend = "htpasswd"
auth.backend.htpasswd.userfile = "/etc/htpasswd"
auth.debug = 2
auth.whitelistclientcert = "enable"
auth.require = ( "/" => (
"method" => "basic",
"realm" => "foobar",
"require" => "user=admin"
)
Files
Updated by arved over 7 years ago
Improved version that does not call openssl functions if there is no SSL connection.
Updated by stbuehler over 7 years ago
I'd rather use something that checks whether con->authed_user (REMOTE_USER env) is already set; I think that should qualify for "user is (already) authenticated".
Updated by gstrauss almost 4 years ago
- Status changed from New to Patch Pending
- Target version set to 1.4.45
Updated by gstrauss over 3 years ago
- Status changed from Patch Pending to Fixed
- % Done changed from 0 to 100
Applied in changeset f54d628cd53fdd8a09ec1e3d448a1f39a5424463.
Also available in: Atom