Re: Client Authentication and Access Control
Øyvin Sømme wrote:[color=blue]
> Joe Orton wrote:
>> On Fri, Jun 03, 2005 at 08:56:56AM +0200, Øyvin Sømme wrote:
>>> Method 2 (SSLRequire):
>>> The user-id field is just '-'.
>>> Can I somehow configure apache/mod_ssl to only store certain elements of
>>> the DN (e.g. the CN in the DN) as the user-id in the access-log?[/color]
>> mod_ssl in httpd 2.0 supports the "SSLUsername" directive which allows
> Thanks for a very good suggestion. Seems to be just what I need.
> So I tried to use the directive 'SSLUserName SSL_CLIENT_S_DN_CN'
> inside the <IfDefine SSL> </IfDefine> context. This resulted in *no*
> change in my log files, the user-id field was still '-'.
> Any idea why it didn't work?
I found out the issue: I cannot use 'SSLOptions +FakeBasicAuth' together with 'SSLUserName xxx'
(not documented anywhere).
Apache Interface to OpenSSL (mod_ssl) [url]www.modssl.org[/url]
User Support Mailing List [email]firstname.lastname@example.org[/email]
Automated List Manager [email]email@example.com[/email]