Graham Leggett wrote:
> Udo Rader wrote:
>> Maybe a more concrete sample can help clarify what I am talking about,
>> here's my approximate setup:
>> <Location /fooBar>
>> SSLVerifyClient require
>> SSLOptions +FakeBasicAuth
>> AuthName "Snake Oil Authentication"
>> AuthType Basic
>> AuthBasicProvider ldap
>> AuthLDAPRemoteUserAttribute uid
>> AuthLDAPURL ldap://127.0.0.1/dc=example,dc=com?subjectDN?one
>> require valid-user
> Right, so you're trying to authenticate twice, first using certs, then
> using LDAP, and you're not trying to authorise at all ("require
Well, I am not trying to authorize *yet* :-)
> That it doesn't do (yet), but shouldn't be hard to implement. mod_ssl
> needs to signal that the user has been successfully authenticated using
> a cert, and mod_authnz_ldap needs to respond to the signal that the user
> has been successfully authenticated using a cert, and skip the password
> check if so.
Ok, so the situation has not changed in the meantime (as I had hoped :-)
I will try my luck tweaking the sources then and be back.