[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

RE: Logging SSL-authenticated users

From: Sander Striker <striker_at_apache.org>
Date: 2003-05-15 09:29:43 CEST

> From: David Waite [mailto:mass@akuma.org]
> Sent: Wednesday, May 14, 2003 11:54 PM

> This gives an author of "(no author)"


When this option is enabled, the Subject Distinguished Name (DN) of the
Client X509 Certificate is translated into a HTTP Basic Authorization
username. This means that the standard Apache authentication methods
can be used for access control. The user name is just the Subject of
the Client's X509 Certificate (can be determined by running OpenSSL's
openssl x509 command: openssl x509 -noout -subject -in certificate.crt).
Note that no password is obtained from the user. Every entry in the
user file needs this password: ``xxj31ZMTZzkVA'', which is the
DES-encrypted version of the word `password''. Those who live under
MD5-based encryption (for instance under FreeBSD or BSD/OS, etc.)
should use the following MD5 hash of the same word:

So apparently your certs Subject DN is empty.


To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Received on Thu May 15 09:30:39 2003

This is an archived mail posted to the Subversion Dev mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.