Package: apache2-mpm-prefork
Version: 2.0.54-4
Severity: important

Up until yesterday I was using the configuration setting:

<Directory /soma/www/cgi-bin>
    SSLRequireSSL
    SSLVerifyClient require
    SSLVerifyDepth 5
    SSLOptions +FakeBasicAuth
    SSLUserName SSL_CLIENT_S_DN_Email
    AuthName "Soma Authentication"
    AuthType Basic
    AuthUserFile /soma/projects/soma/httpd.password
    require valid-user
</Directory>

and Apache would rewrite the REMOTE_USER environment variable to be the e-mail
address included in the client cert. According to the Apache docs, this is the
expected behavior.

However, after an apt-get upgrade, this behavior no longer works, and instead
REMOTE_USER is always the full DN of the cert.

I have tested this with both a CGI Perl script and two different test scripts
under mod_python, so it appears to not be confined to either of those. Our
entire authentication system was based on first validating certs against the
httpd.password file using FakeBasicAuth and then passing on the e-mail address
to our code as a unique ID for the user.

Has anyone else had this problem? I've also tried with other cert fields (such
as CN) to no avail.

Thanks!
...Eric

-- System Information:
Debian Release: 3.1
Architecture: i386 (i686)
Kernel: Linux 2.6.11.3-modulation-acpi
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)
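
An application-side way to keep using the certificate e-mail as the user ID regardless of what REMOTE_USER contains, as an added example that is not part of the original report or of Apache. It assumes `SSLOptions +StdEnvVars` is enabled so mod_ssl exports SSL_CLIENT_S_DN_Email to the script, and that a DN in REMOTE_USER uses OpenSSL's one-line /KEY=value form; the function names and sample values are hypothetical.

```python
import re

# Deliberately strict address shape; anything else is treated as "no identity".
_EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9-]+(\.[A-Za-z0-9-]+)+")
# RDN names OpenSSL has used for the e-mail attribute in its one-line DN form.
_EMAIL_KEYS = ("emailAddress", "Email")


def email_from_dn(dn):
    """Extract the single e-mail RDN from a DN like /C=US/O=x/CN=y/emailAddress=z."""
    if not dn.startswith("/"):
        return None
    found = []
    for rdn in dn[1:].split("/"):
        key, sep, value = rdn.partition("=")
        if sep and key in _EMAIL_KEYS:
            found.append(value)
    # The one-line form is ambiguous when a value itself contains "/", so
    # refuse anything that does not yield exactly one well-formed address.
    if len(found) == 1 and _EMAIL_RE.fullmatch(found[0]):
        return found[0]
    return None


def resolve_user_id(environ):
    """Return the certificate e-mail to use as the user ID, or None to deny."""
    # Preferred: the dedicated variable, independent of how REMOTE_USER is set.
    direct = environ.get("SSL_CLIENT_S_DN_Email", "")
    if _EMAIL_RE.fullmatch(direct):
        return direct
    remote_user = environ.get("REMOTE_USER", "")
    # Behaviour before the upgrade: REMOTE_USER already holds the address.
    if _EMAIL_RE.fullmatch(remote_user):
        return remote_user
    # Behaviour after the upgrade: REMOTE_USER holds the full subject DN.
    return email_from_dn(remote_user)


# Constructed sample values (not taken from the report).
SAMPLE_DN = "/C=US/O=Example Org/CN=Eric Example/emailAddress=eric@example.org"

if __name__ == "__main__":
    for env in ({"REMOTE_USER": SAMPLE_DN},
                {"REMOTE_USER": "eric@example.org"},
                {"REMOTE_USER": "/C=US/CN=No Mail"}):
        print(env["REMOTE_USER"], "->", resolve_user_id(env))
```

A None result means no unambiguous address was found and the request should be refused rather than mapped to a default user.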