Client Authentication and Access Control
I have read the instructions at:
and successfully set up a web server which runs HTTPS and requires
client certificates for authentication.
However, I am not 100% pleased with neither of the *two* methods. What I
dislike is the *user-id* part of the information that is stored in the
Method 1 (mod_auth):
The user-id field is a string converted from the *full* subject DN in the
client certificate which in my case (with Verisign class 1 certificates)
are typically 230 chars long!
Method 2 (SSLRequire):
The user-id field is just '-'.
Can I somehow configure apache/mod_ssl to only store certain elements of
the DN (e.g. the CN in the DN) as the user-id in the access-log?
One more thing with method 1: I noted that the syntax in mod_auth/AuthGroupFile
mygroup: user-id1 user-id2 user-id3
i.e. using space as a separator. The user-id produced in method 1 above
contains a lot of spaces. How can this work? Using quotes?
Apache Interface to OpenSSL (mod_ssl) [url]www.modssl.org[/url]
User Support Mailing List [email]email@example.com[/email]
Automated List Manager [email]firstname.lastname@example.org[/email]