I noticed that the fully qualified distinguished name was used as the user
id for commits to the subversion repository. I also noticed that there was
no obvious solution for changing the user id using FakeBasicAuth. However,
after a couple of hours of searching I did find a solution using some perl
You need at least the following:
mod_perl 2.0 (mod_perl 1.0 won't work)
1. Get your client certificates working with subversion.
Namely don't attempt this until you are sure you can at least get one
successful commit with the distinguished name (DN) as the user id.
2. Add the following perl module to you perl lib. Mine was in
Include every thing between >>>>>> Code Start and >>>>>> Code End
>>>>>>Code Start : /usr/lib/perl5/numaxima/Auth.pm
# Based on http://www.modpython.org/pipermail/mod_python/2003-October/014244.html
# Environment Variables:
use Apache::Const qw(:common);
use Apache::RequestUtil ();
use Apache::RequestRec ();
use Apache::SubRequest ();
use APR::Table ();
use Apache::Log ();
my $r = shift;
return OK unless $r->is_initial_req();
my $subr = $r->lookup_uri($r->unparsed_uri());
my $env = $subr->subprocess_env;
my $certu = $env->get($r->dir_config("ClientCertUserVar"));
my $username = $certu;
$r->log->info("Client Certificate Username:", $certu);
$r->user( $username );
>>>>>>Code End : /usr/lib/perl5/numaxima/Auth.pm
3. Change your Apache2 SSL Configuration File (e.g. ssl.conf, etc)
You can use any SSL Variable to set the user id. I have choosen
SSL_CLIENT_S_DN_EMAIL, but SSL_CLIENT_S_DN_CN is probably also useful.
Note you must have: SSLOptions +StdEnvVars
Note: the user id will be logged at the 'info' log level in your
# Possible values include: debug, info, notice, warn, error, crit,
# alert, emerg.
PerlSetVar ClientCertUserVar "SSL_CLIENT_S_DN_EMAIL"
AuthName "SSL Client Certificate"
4. Test that you can still get to your repository through the browser
5. Test a checkout
6. Test a commit
7. Review your commit with $svn log <the file you commited>
ps. Sorry if this ends up posted twice. My first attempt seems to have failed.
To unsubscribe, e-mail: email@example.com
For additional commands, e-mail: firstname.lastname@example.org
Received on Sun Jan 2 19:58:31 2005