combine client certificate authentication with ldap based authentication


 



Hi,

I want to authenticate users on Apache. In case they have a valid x509 
client certificate in their browser for authentication, then that should be 
sufficient. In case the client does not have such a certificate, the user 
should be able to authenticate via username/password against LDAP.

I got both working on their own, but when I try to combine both, and I have an 
x509 certificate, then it still asks for a username/password.

<VirtualHost _default_:443>
    ServerName test.intern
    HostnameLookups Off

    SSLEngine on
    SSLCertificateFile /etc/apache2/certs/server.crt
    SSLCertificateKeyFile /etc/apache2/certs/server.key
    SSLCertificateChainFile /etc/apache2/certs/ca.crt
    SSLCACertificateFile /etc/apache2/certs/ca.crt


    CustomLog /var/log/apache2/ssl_test_request_log   ssl_combined

    <Location /ssl>
        Order deny,allow
        Deny from all
        Allow from 127.0.0.1

        Satisfy              any

        SSLRequireSSL

        #SSLVerifyClient optional
        SSLVerifyClient require
        SSLVerifyDepth 9
        SSLOptions +FakeBasicAuth +StrictRequire
        AuthUserFile         /etc/apache2/conf.d/httpd.passwd
        require              valid-user

        AuthType Basic
        AuthBasicProvider "ldap"
        AuthName "TEST Login"
        AuthLDAPUrl "ldap://ldap:389/ou=people,dc=intern";
        AuthzLDAPAuthoritative off
        require ldap-user testuser
    </Location>
</VirtualHost>


I'm not sure, when I read the manual, whether the Satisfy any is relevant 
for my case at all.

Any pointer in the right direction is highly appreciated.

Kind regards,
Sebastian
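
The behaviour asked for above (a valid client certificate is sufficient, otherwise fall back to LDAP username/password), written as an added example that is not part of the original post or any reply to it. It assumes Apache 2.4 with mod_ssl, mod_authnz_ldap and mod_authz_host loaded, and reuses the paths, LDAP URL and user name from the posted configuration.

```apache
# Added example (assumption: Apache 2.4 authorization syntax, not the 2.2
# Order/Deny/Allow/Satisfy directives used in the post).
<VirtualHost _default_:443>
    ServerName test.intern

    SSLEngine on
    SSLCertificateFile    /etc/apache2/certs/server.crt
    SSLCertificateKeyFile /etc/apache2/certs/server.key
    # CA that client certificates must chain to
    SSLCACertificateFile  /etc/apache2/certs/ca.crt

    <Location /ssl>
        SSLRequireSSL

        # "optional" requests a certificate but lets the TLS handshake
        # complete without one, so the Basic/LDAP fallback can be reached.
        # With "require", a client without a certificate is rejected at the
        # TLS layer and never sees a login prompt.
        SSLVerifyClient optional
        SSLVerifyDepth 9

        # Password fallback for clients that presented no certificate
        AuthType Basic
        AuthName "TEST Login"
        AuthBasicProvider ldap
        AuthLDAPUrl "ldap://ldap:389/ou=people,dc=intern"

        # Access is granted as soon as one of these matches
        <RequireAny>
            # Mirrors "Allow from 127.0.0.1" + "Satisfy any" in the post
            Require ip 127.0.0.1
            # True only when a client certificate was presented and verified
            Require ssl-verify-client
            # Otherwise prompt for credentials and check them against LDAP
            Require ldap-user testuser
        </RequireAny>
    </Location>
</VirtualHost>
```

`Require ssl-verify-client` accepts any certificate that chains to `ca.crt`, so the CA file should contain only the CA that issues certificates to the intended users.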



