I have not tried it, but there is an mod_ssl directive called SSLRequire
that you can issue to require certain aspects of the client's
certificate for access to a given area. I can't remember it off the top
of my head, but it looked like it was very powerful. For instance, you
should be able to allow access to only clients whose certificate is
signed by a particular CA, and says they are a member of a certain OU.
You can also use the standard require directive to require a certain
user name be authenticated for access to given areas. You are using the
SSLUserName directive to extract the user name from the certificate right?
Christoph Anton Mitterer wrote:
>I have the same problem. Has it been alredy solved?
>
>I'm using about the same Apache Configuration as you, Ralph. But as I
>told,... I got the same error message when using the SVN client. With
>Firefox & Co. everything works find.
>
>Perhaps off topic but I've got another question:
>Currently I'm using a combination of SSL Client Certificate and AuthType
>Basic.
>But the client certificate shows the server only if the client has
>general access to it (as far as I understood).
>I alwas need the AuthType Basic in conjunction with an user-password
>file to be able to use AuthzSVNAccessFile.
>Is it possible to ask for a Certificate Name/eMail etc. within the
>AuthzSVNAccess file?
>
>Regards,
>Christoph Anton Mitterer.
>
>Ralph Seichter wrote:
>
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Received on Thu May 12 02:25:40 2005