About HTTP authentication and usernames

From: Mukund <mukund_at_tessna.com>
Date: 2003-07-28 11:49:06 CEST

Hi all

A repository can be used with or without client authentication. When
clients are not authenticated, only reads can be performed and portions
of the repository are restricted from access. I am using
"SSLVerifyClient optional" with mod_ssl in Apache for this.

I would like to know opinions of people on this list about SSL client
authentication using X.509 certificates, and how information in these
certificates can be used with Subversion.

Recently, there was a post of an Apache module which'd let fields in the
DN to be used as the username. I am familiar with
+FakeBasicAuthentication in mod_ssl in Apache.

1. Does Subversion support usernames with the format "user@domain.com"
(without the quotes)? With this I would assume one can use the Email
portion of the Subject DN to act as a username.

2. I am familar with the StrongExtranet feature of Thawte. There's a
module in the mod_ssl distribution (at www.modssl.org for Apache 1.3.xx)
called sxnet.tar written by Thawte which uses an extra OID to contain
usernames and other info. Can any users who are familar with such
describe the best way in their opinion to use information in the
certificate as usernames?

Mukund

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Received on Mon Jul 28 11:51:35 2003

This message: [ Message body ]
Next message: Mukund: "Re: About HTTP authentication and usernames"
Previous message: Jim Cromie: "Error: I got "svn: Transaction is out of date""
Next in thread: Mukund: "Re: About HTTP authentication and usernames"
Reply: Mukund: "Re: About HTTP authentication and usernames"
Reply: Martin v. Löwis: "Re: About HTTP authentication and usernames"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]