Login | Register For Free | Help
Search for: (Advanced)

Mailing List Archive: Apache: Dev

Client authentication and authorization using client certificates

  

 
Apache dev RSS feed   Index | Next | Previous | View Threaded


joh_m at gmx

Jun 16, 2009, 9:36 AM

Post #1 of 8 (613 views)
Permalink
Client authentication and authorization using client certificates
Hello,

there has been an increasing number of requests concerning a certificate
based authentication / authorization for the Apache httpd in the past few
weeks.
As you might remember, I started a discussion around that topic in July
2008.
Because of the somewhat missing interest on the mailing list at that time I
haven't persued this issue any longer.
This has changed lately. Therefore I decided to spend some hours on
finishing a
new authentication module called mod_auth_certificate

Please feel free to download it at*

https://sourceforge.net/projects/modauthcertific/

*You will also find some kind of short documentation in the archive.

*Features:*
- Works with Apache 2.0 / 2.2 / 2.3-trunk
- Apache sources won't have to be patched
- Supports fallback to basic authentication in case of cert auth failure
- Should work with all authorization modules coming with Apache (though I
wasn't able to check all of them).
- Easy to install without recompiling Apache
- Extremely easy to configure

My intention in this announcement is to arouse increased interest in
that topic by
providing something usable to the list. I still believe that better
native support for
client certificate based authentication and authorization will in future
offer
improved chances to the Apache webserver. I can think of smartcards
being an
increasingly used SSO alternative to NTLM especially in heterogeneous
environments.

I would appreciate it if you could take a look at the module and leave your
comments here.

Please note that this program is open source software and was released
under the
GPL.
Also my employer has nothing to do with the release of this work. It has
become
my private pleasure now :-)

Thanks and Greetings,
Johannes Müller


covener at gmail

Jun 16, 2009, 10:21 AM

Post #2 of 8 (580 views)
Permalink
Re: Client authentication and authorization using client certificates [In reply to]
On Tue, Jun 16, 2009 at 12:36 PM, Johannes Müller<joh_m[at]gmx.de> wrote:
> Hello,
> Please note that this program is open source software and was released under
> the GPL.

Regarding the license: That's going to prevent some interested
parties from clicking through, much less contributing to it.

--
Eric Covener
covener[at]gmail.com


joh_m at gmx

Jun 16, 2009, 2:24 PM

Post #3 of 8 (581 views)
Permalink
Re: Client authentication and authorization using client certificates [In reply to]
Eric Covener wrote:
> On Tue, Jun 16, 2009 at 12:36 PM, Johannes Müller<joh_m[at]gmx.de> wrote:
>
>> Hello,
>> Please note that this program is open source software and was released under
>> the GPL.
>>
>
> Regarding the license: That's going to prevent some interested
> parties from clicking through, much less contributing to it.
>
>
Better one would be Apache License 2.0 right?
I'm not too deep into license issues...


covener at gmail

Jun 16, 2009, 2:33 PM

Post #4 of 8 (580 views)
Permalink
Re: Client authentication and authorization using client certificates [In reply to]
On Tue, Jun 16, 2009 at 5:24 PM, Johannes Müller<joh_m[at]gmx.de> wrote:
> Eric Covener wrote:
>>
>> On Tue, Jun 16, 2009 at 12:36 PM, Johannes Müller<joh_m[at]gmx.de> wrote:
>>
>>>
>>> Hello,
>>> Please note that this program is open source software and was released
>>> under
>>> the GPL.
>>>
>>
>> Regarding  the license: That's going to prevent some interested
>> parties from clicking through, much less contributing to it.
>>
>>
>
> Better one would be Apache License 2.0 right?
> I'm not too deep into license issues...

That would remove the barrier and match the in-tree modules (if
there's no strong preference for another license, and the code is
yours to relicense)

--
Eric Covener
covener[at]gmail.com


rpluem at apache

Jun 16, 2009, 2:34 PM

Post #5 of 8 (586 views)
Permalink
Re: Client authentication and authorization using client certificates [In reply to]
On 06/16/2009 11:24 PM, Johannes Müller wrote:
> Eric Covener wrote:
>> On Tue, Jun 16, 2009 at 12:36 PM, Johannes Müller<joh_m[at]gmx.de> wrote:
>>
>>> Hello,
>>> Please note that this program is open source software and was
>>> released under
>>> the GPL.
>>>
>>
>> Regarding the license: That's going to prevent some interested
>> parties from clicking through, much less contributing to it.
>>
>>
> Better one would be Apache License 2.0 right?

Correct. So relicensing it to Apache License 2.0 brings you in a better
position here. AFAIU you are the only author and contributor to this
module so far. So this should be easy.

Regards

Rüdiger


joh_m at gmx

Jun 16, 2009, 2:40 PM

Post #6 of 8 (582 views)
Permalink
Re: Client authentication and authorization using client certificates [In reply to]
Ruediger Pluem wrote:
> On 06/16/2009 11:24 PM, Johannes Müller wrote:
>
>> Eric Covener wrote:
>>
>>> On Tue, Jun 16, 2009 at 12:36 PM, Johannes Müller<joh_m[at]gmx.de> wrote:
>>>
>>>
>>>> Hello,
>>>> Please note that this program is open source software and was
>>>> released under
>>>> the GPL.
>>>>
>>>>
>>> Regarding the license: That's going to prevent some interested
>>> parties from clicking through, much less contributing to it.
>>>
>>>
>>>
>> Better one would be Apache License 2.0 right?
>>
>
> Correct. So relicensing it to Apache License 2.0 brings you in a better
> position here. AFAIU you are the only author and contributor to this
> module so far. So this should be easy.
>
> Regards
>
> Rüdiger
>
Yes should be no problem. Relicensing means I'll also have to remove
current the current
version and SVN revisions so there is no problem if someone already
downloaded the
GPLed release?

Greetings
Johannes


covener at gmail

Jun 16, 2009, 2:55 PM

Post #7 of 8 (583 views)
Permalink
Re: Client authentication and authorization using client certificates [In reply to]
On Tue, Jun 16, 2009 at 5:40 PM, Johannes Müller<joh_m[at]gmx.de> wrote:
> Yes should be no problem. Relicensing means I'll also have to remove current
> the current
> version and SVN revisions so there is no problem if someone already
> downloaded the
> GPLed release?

IANAL: I don't see why, they're free to use it under those terms, and
you're free to change the terms of any subsequent release (or prior
release to other parties!)

--
Eric Covener
covener[at]gmail.com


joh_m at gmx

Jun 24, 2009, 2:52 PM

Post #8 of 8 (453 views)
Permalink
Re: Client authentication and authorization using client certificates [In reply to]
Eric Covener wrote:
> On Tue, Jun 16, 2009 at 5:40 PM, Johannes Müller<joh_m[at]gmx.de> wrote:
>
>> Yes should be no problem. Relicensing means I'll also have to remove current
>> the current
>> version and SVN revisions so there is no problem if someone already
>> downloaded the
>> GPLed release?
>>
>
> IANAL: I don't see why, they're free to use it under those terms, and
> you're free to change the terms of any subsequent release (or prior
> release to other parties!)
>
>


Released version 0.2 of mod_auth_certificate under Apache License 2.0
Download at https://sourceforge.net/projects/modauthcertific/

Any comments?

Greetings,
Johannes

Apache dev RSS feed   Index | Next | Previous | View Threaded
 
 


Interested in having your list archived? Contact lists@gossamer-threads.com
 
  Web Applications & Managed Hosting Powered by Gossamer Threads Inc.