bugzilla at apache
Mar 13, 2012, 10:33 AM
Post #2 of 3
(120 views)
Permalink
|
|
[Bug 52892] Require expr and %{REMOTE_USER}
[In reply to]
|
|
https://issues.apache.org/bugzilla/show_bug.cgi?id=52892
--- Comment #2 from Jorge Schrauwen <registration [at] blackdot> 2012-03-13 17:33:47 UTC ---
(In reply to comment #1)
> The require statements are actually executed twice, once before auth and once
> after auth. Auth is only triggered if a Require statement says that its result
> may change after auth and the change of this statement would actually make a
> difference in the end result. However, Require expr currently lacks the
> necessary logic for this.
>
Will it support it in the future?
> You could try (untested):
>
> <RequireAll>
> Require ssl-verify-client
> Require valid-user
> <RequireAny>
> Require user workaround_for_PR_52892
> Require expr ...
> </RequireAny>
> </RequireAll>
>
> Then the Require user would trigger auth. Of course, workaround_for_PR_52892
> must not exist as a user or you have a security problem.
I've tested it and it works!
cert for user1 with user2 as login --> fail
cert for user1 with user1 as login --> success
--
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe [at] httpd
For additional commands, e-mail: bugs-help [at] httpd
|
