mod_auth_trustheader


mod_auth_trustheader takes the user ID from a request header (or another server variable) and passes it on to another authentication provider (AuthTrustHeaderProvider), i.e. the "multiple auth providers" scheme described in the Apache httpd 2.4 documentation. It also works with Apache httpd 2.2.

The header value itself is trusted without any verification, so the header-based examples below are only safe when the Location can be reached solely through a front end that sets the header itself; the Order/Deny/Allow lines that restrict access to <Trusted-IPs> are what enforces that. On httpd 2.4 those directives need mod_access_compat, or must be rewritten as Require ip inside a <RequireAll> block together with the Require valid-user / Require ldap-group line.

Installation and Configuration

The mod_auth_trustheader documentation is attached to this wiki space.

Configuration Examples:

  • accept the user ID from an HTTP request header field
    <Location /cgi-bin>
        Order deny,allow
        Deny from all
        Allow from <Trusted-IPs>
        # mod_auth_trustheader.c
        AuthType TrustHeader
        AuthTrustHeaderProvider anon
        AuthTrustHeader %{HTTP:X-USERID}
        # mod_authn_anon.c
        Anonymous '*'
        Anonymous_MustGiveEmail off
        Anonymous_NoUserId off
        Anonymous_VerifyEmail  off
        Anonymous_LogEmail off
        require valid-user
    </Location>

 

  • accept only user IDs that also exist in my LDAP directory (and are members of the given LDAP group)
    <Location /cgi-bin>
        Order deny,allow
        Deny from all
        Allow from <Trusted-IPs>
        # mod_auth_trustheader.c
        AuthType TrustHeader
        AuthTrustHeaderProvider anon
        AuthTrustHeader %{HTTP:X-USERID}
        # mod_authn_anon.c
        Anonymous '*'
        Anonymous_MustGiveEmail off
        Anonymous_NoUserId off
        Anonymous_VerifyEmail  off
        Anonymous_LogEmail off
        # mod_authnz_ldap
        AuthLDAPURL ldap://ldaphost:389/o=yourorg?uid?sub
        Require ldap-group cn=mygroup,o=yourorg
    </Location>
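The two header-based examples above stand or fall with one thing: no end user may ever be able to supply X-USERID. The following fragment is an added example, not taken from the module's documentation or the wiki, showing the front-end reverse proxy side and the httpd 2.4-native form of the back-end IP restriction. Assumed: the front end is Apache httpd 2.4 with mod_proxy, mod_headers and mod_rewrite and authenticates users with Basic auth against a file; the back-end host backend.internal, the htpasswd path and the trusted proxy address 10.0.0.5 are placeholders.

```apache
# Front-end reverse proxy (added example; hostnames, file paths and the
# Basic-auth provider are assumptions, not from the wiki page)
<Location /cgi-bin>
    # Authenticate the real user here with any mod_authn_* provider.
    AuthType Basic
    AuthName "Front end"
    AuthBasicProvider file
    AuthUserFile /etc/httpd/frontend.htpasswd
    Require valid-user

    # Drop any client-supplied X-USERID unconditionally and early, so a
    # spoofed value can never reach the back end.
    RequestHeader unset X-USERID early

    # Copy the authenticated user name into the header the back end trusts.
    # mod_headers cannot read REMOTE_USER directly, so capture it with a
    # look-ahead rewrite into an environment variable first.
    RewriteEngine On
    RewriteCond %{LA-U:REMOTE_USER} (.+)
    RewriteRule .* - [E=RU:%1]
    RequestHeader set X-USERID "%{RU}e"

    ProxyPass        http://backend.internal/cgi-bin
    ProxyPassReverse http://backend.internal/cgi-bin
</Location>

# Back end on httpd 2.4 without mod_access_compat: the source-IP check and
# the header-derived user must BOTH hold, hence RequireAll (a bare pair of
# Require lines would be RequireAny and let either one through).
<Location /cgi-bin>
    <RequireAll>
        Require ip 10.0.0.5
        Require valid-user
    </RequireAll>
    # mod_auth_trustheader.c
    AuthType TrustHeader
    AuthTrustHeaderProvider anon
    AuthTrustHeader %{HTTP:X-USERID}
    # mod_authn_anon.c
    Anonymous '*'
    Anonymous_MustGiveEmail off
    Anonymous_NoUserID off
    Anonymous_VerifyEmail off
    Anonymous_LogEmail off
</Location>
```

For the LDAP variant, replace Require valid-user inside the RequireAll with the Require ldap-group line; the RequireAll wrapper is what keeps the IP restriction mandatory.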

 

  • accept only PKI client certificates whose serial number is present in my LDAP directory
    <Location /cgi-bin>
        # only trust client certificates issued by my client CA
        # (the CA must also be in SSLCACertificateFile; SSLRequire rejects certificates from any other CA in that file)
        SSLVerifyClient require
        SSLRequire ( %{SSL_CLIENT_I_DN} eq "DN of my client CA" )
        # mod_auth_trustheader.c
        AuthType TrustHeader
        AuthTrustHeaderProvider anon
        AuthTrustHeader %{SSL:SSL_CLIENT_M_SERIAL}
        # mod_authn_anon.c
        Anonymous '*'
        Anonymous_MustGiveEmail off
        Anonymous_NoUserId off
        Anonymous_VerifyEmail  off
        Anonymous_LogEmail off
        # mod_authnz_ldap
        # search for the entry in LDAP by attribute "pkiserial"; the stored value must match
        # the serial exactly as mod_ssl exports it (uppercase hex, no colons, no leading zero bytes)
        AuthLDAPURL ldap://ldaphost:389/o=yourorg?pkiserial,uid?sub
        Require ldap-group cn=mygroup,o=yourorg
    </Location>
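For the certificate example to match, the pkiserial attribute has to hold the serial in precisely the form mod_ssl exports as SSL_CLIENT_M_SERIAL. The shell helper below is an added example (not part of the module or this wiki): it derives that value from a client certificate, emits the LDIF change to store it, and prints the ldapsearch equivalent of the lookup mod_authnz_ldap will perform. Assumed: the attribute name pkiserial and base o=yourorg from the example's AuthLDAPURL, a DN layout of uid=<user>,o=yourorg for user entries, and that openssl and ldapsearch are installed.

```sh
#!/bin/sh
# Added example, not from the mod_auth_trustheader wiki or module.
# Attribute name "pkiserial", base "o=yourorg" and the uid=<user>,o=yourorg DN
# layout are assumptions taken from / built on the page's AuthLDAPURL.
set -eu

# Print the certificate serial the way mod_ssl exports SSL_CLIENT_M_SERIAL:
# uppercase hex, no colons, no "serial=" prefix (e.g. 0A1B2C3D).
cert_serial() {
    openssl x509 -in "$1" -noout -serial | sed 's/^serial=//' | tr 'a-f' 'A-F'
}

# Emit an LDIF modify operation that stores that serial on the user's entry.
# Usage: pkiserial_ldif <uid> <client-cert.pem>
pkiserial_ldif() {
    serial=$(cert_serial "$2")
    printf 'dn: uid=%s,o=yourorg\nchangetype: modify\nreplace: pkiserial\npkiserial: %s\n' "$1" "$serial"
}

# Print the search mod_authnz_ldap runs for AuthLDAPURL ...?pkiserial,uid?sub
# (only printed here; no directory is contacted).
ldap_lookup_cmd() {
    printf 'ldapsearch -x -H ldap://ldaphost:389 -b o=yourorg -s sub "(pkiserial=%s)" uid\n' "$(cert_serial "$1")"
}
```

Apply the LDIF with ldapmodify, then run the printed ldapsearch: if it returns exactly one entry with a uid, the Require ldap-group check has a DN to work with; if it returns nothing, the serial in the directory is in a different notation (colons, lowercase, or leading 00 bytes) and the module will deny the user.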