ELOG

Forum Config Examples Contributions Vulnerabilities

Discussion forum about ELOG

Not logged in

Back | Find | Login | Help

honor "user" field in the Apache SSL request object or environment variables in SSL process groups?, posted by Owen LaGarde on Wed Aug 25 02:49:44 2010

Re: honor "user" field in the Apache SSL request object or environment variables in SSL process groups?, posted by Stefan Ritt on Wed Sep 15 01:04:21 2010

Message ID: 66904 Entry time: Wed Sep 15 01:04:21 2010 In reply to: 66881

Icon:

Author:

Stefan Ritt

Author Email:

stefan.ritt@psi.ch

Category:

Question

OS:

Linux

ELOG Version:

2.7.8

Subject:

Re: honor "user" field in the Apache SSL request object or environment variables in SSL process groups?

Owen LaGarde wrote:

Will elog defer user identification and authorization to the ssl engine of a *local* Apache proxy? I'd like to try elog in a site that requires the service port positively authenticate and identify users via smartcard certificate ID. Per SOP they have Apache+mod_ssl setting SSLUserName=SSL_CLIENT_S_DN_CN which sets both the SSL request object's "user" field and the REMOTE_USER environment var relative to the mod_ssl's session's process group leader. Users auth with Apache's mod_ssl as a single-signon replacement for web apps which have traditional native, internal user accounts/passwords, but those passwords are subsumed by the Apache/smartcard/mod_ssl setup. The web apps define internal accounts matching the users' cert IDs but do not allow any management of the [unused] passwords. Can elog do this?

This is not implemented at the moment.

ELOG V3.1.5-fe60aaf