Re: Announcing mod_ssl_user

From: Martin v. Löwis <martin_at_v.loewis.de>
Date: 2003-06-20 20:34:48 CEST

Mukund <mukund@tessna.com> writes:

> Personally, I would like an option to use an extension to specify
> the username in client certificates rather than fields in the subject DN.
> This is because we already use the fields in the subject DN (CN to indicate
> the real name of the person for example).

Well, we have apparently different ideas of what a user name is. To
me, the "real name of the person" is a much better user name than
any "username". For example, having the real name of the person show
up in 'svn log' is much better than having its userid being logged.

So I set

SSLUserName SSL_CLIENT_S_DN_CN

in httpd.conf, and get all users logged with their real names. Why
would I want to log account names instead?

> Does mod_ssl support reading extension fields into environment variables?

There is an environment variable copying the entire certificate, if
you want that. Copying specific extension fields is not supported.

Regards,
Martin

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Received on Fri Jun 20 20:35:54 2003

This message: [ Message body ]
Next message: Branko ÄŒibej: "Re: Subversion 0.24.2 released."
Previous message: kfogel_at_collab.net: "Re: introducing myself..."
In reply to: Mukund: "Re: Announcing mod_ssl_user"
Next in thread: Colin Watson: "Re: Announcing mod_ssl_user"
Reply: Colin Watson: "Re: Announcing mod_ssl_user"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]