Re: Setting REMOTE_USER to %{SSL:HTTP_SSL_CLIENT_S_DN_CN}


 




On 05/11/12 14:35, Mark Montague wrote:
> On November 5, 2012 6:32 , Martin Drescher <drescher@xxxxxxxx>
> wrote:
>> I would like to set the REMOTE_USER environment to the value of 
>> %{HTTP_SSL_CLIENT_S_DN_CN}. After reading the fine manual a few
>> times I think it should work with that:
>> 
>> RewriteEngine On
>> RewriteCond %{SSL:HTTP_SSL_CLIENT_S_DN_CN} (.+)
>> RewriteRule ^.*$ - [E=REMOTE_USER:$1]
>> 
>> Tried some variations, but it does not :-( Could someone help me
>> out with this?
> 
> Remove those mod_rewrite directives.  Instead, use
> 
> SSLUserName SSL_CLIENT_S_DN_CN
> 
> 
> See https://httpd.apache.org/docs/2.4/mod/mod_ssl.html#sslusername

Close, but no cigar:
In fact, I do not use SSL at this distinct host. But I run a reverse
proxy using ProxyPass which terminates the SSL at its world device
and then forwards a Nagios host in that case. Nagios is happy with the
REMOTE_USER environment set for access control. I checked this setting
REMOTE_USER using the SetEnv syntax. Unfortunately this does not take
a variable as argument.

So I set a HTTP request header (SSL_CLIENT_S_DN_CN) in the reverse
proxy and try to copy that to REMOTE_USER. To avoid any conflicts with
the mod_ssl I also tried to set a X-Forwarded-SSL_CLIENT_S_DN_CN and
used that with SSLUserName: REMOTE_USER is not set.

Also tried FakeBasicAuth.

Martin

> 
> 
> -- Mark Montague mark@xxxxxxxxxxx

--
 Martin Drescher
 GnuPG Key Fingerprint, KeyID '4FBE451A':
 '2237 1E95 8E50 E825 9FE8  AEE1 6FF4 1E34 4FBE 451A'