[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: Announcing mod_ssl_user

From: Martin v. L÷wis <martin_at_v.loewis.de>
Date: 2003-06-18 22:51:13 CEST

"Sander Striker" <striker@apache.org> writes:

> I have yet to review, but you might consider offering it for inclusion
> in httpd-2.x (if you can live with the ASF license).

Your (or somebody elses) original suggestion was to write
mod_auth_ssl, which would also do authentication (e.g. by means of
require user <list of DN_CNs>
). This turned out to be unimplementable, and partially useless,
a) SSLRequire is already available and much more powerful than
   any authorization based on solely req->user, and
b) setting req->user is not possible inside the check_user_id
   hook, as mod_ssl sets the environment variables only in the
   fixup hook (where mod_ssl_user installs).

That said, I'd appreciate a review, and I'm certainly willing to
produce a patch to incorporate the feature directly into mod_ssl. For
that approach, I observe that
c) mod_ssl_user might be still useful for users of older mod_ssl
   installations, and
d) SSLUserName <single variable name>
   might be insufficient. Some authorized users may have a CN set,
   others might only have a USERID. So I have considering a syntax
   SSLUserName VAR or VAR
   with the Python semantics for "or". User feedback will hopefully
   indicate whether this is really needed, or considered overkill.


To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Received on Wed Jun 18 22:52:08 2003

This is an archived mail posted to the Subversion Dev mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.