"Sander Striker" <striker@apache.org> writes:
> I have yet to review, but you might consider offering it for inclusion
> in httpd-2.x (if you can live with the ASF license).
Your (or somebody elses) original suggestion was to write
mod_auth_ssl, which would also do authentication (e.g. by means of
require user <list of DN_CNs>
). This turned out to be unimplementable, and partially useless,
because
a) SSLRequire is already available and much more powerful than
any authorization based on solely req->user, and
b) setting req->user is not possible inside the check_user_id
hook, as mod_ssl sets the environment variables only in the
fixup hook (where mod_ssl_user installs).
That said, I'd appreciate a review, and I'm certainly willing to
produce a patch to incorporate the feature directly into mod_ssl. For
that approach, I observe that
c) mod_ssl_user might be still useful for users of older mod_ssl
installations, and
d) SSLUserName <single variable name>
might be insufficient. Some authorized users may have a CN set,
others might only have a USERID. So I have considering a syntax
like
SSLUserName VAR or VAR
with the Python semantics for "or". User feedback will hopefully
indicate whether this is really needed, or considered overkill.
Regards,
Martin
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Received on Wed Jun 18 22:52:08 2003