Re: Announcing mod_ssl_user

From: Martin v. Löwis <martin_at_v.loewis.de>
Date: 2003-06-18 22:42:07 CEST

Ben Collins-Sussman <sussman@collab.net> writes:

> So this means that Subversion repositories no longer need to require
> "Basic Auth" credentials over SSL? They have other options now?

It was always the case that you can use SSL client authentication over
mod_dav_svn. For example, our repository had for quite some time

SSLRequire %{SSL_CLIENT_I_DN} eq "/C=DE/L=Potsdam/O=Hasso-Plattner-Institut/OU=OSM/CN=HPI OSM Client Authentication CA" && \
%{SSL_CLIENT_S_DN_CN} in { \
"Martin von Loewis", "Peter Troeger", "Michael Dirska"}

This would allow access to all the listed users (assuming that our CA
always fills out the CN properly, which it does).

So far, even though authentication succeeded properly, Subversion
would log "(no author)", meaning that users would have to provide
Basic auth *on top of that*. This was very unfortunate, since users
were already authenticated...

With that module, no need for transmitting passwords exists anymore;
just authenticating with the SSL certificate is sufficient.

Now, if I could get SVN to use the Windows CryptoAPI certificate
storage, instead of requiring PKCS12 files read by OpenSSL...

Regards,
Martin

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Received on Wed Jun 18 22:43:05 2003

This message: [ Message body ]
Next message: Martin v. Löwis: "Re: Announcing mod_ssl_user"
Previous message: Volker Voßkämper: "svn+ssh fails with 0.24.1"
In reply to: Ben Collins-Sussman: "Re: Announcing mod_ssl_user"
Next in thread: Daniel Patterson: "Re: Announcing mod_ssl_user"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]