|
Graham Dumpleton
grahamd at dscpl.com.au
Thu May 19 18:52:10 EDT 2005
On 20/05/2005, at 12:27 AM, Bud P. Bruegger wrote: > I'm a beginner and hope someone can straighten me out. > > I am trying to write a simple handler that clicks in after mod-ssl has > requested a certificate from the client. Depending on the type of > client token (European eID cards), I'd like the handler to look at the > client's subject DN derive (by string manipulation or by lookup) a > nationally unique ID for the card holder. > > Sounds simple enough--but I can't get it to work. I tried both, the > authen and the authz handlers. But neither from mod-ssl's > +fakeBasicAuth nor from the handlers req.user = 'xxx' do I get a > REMOTE_USER env variable set. Also the test evironment variable that > I try to set in the authen/authz handler doesn't have effect. Normally the authenhandler will only be called if the Apache configuration has something like: AuthType Basic AuthName "Restricted Files" AuthUserFile /Users/grahamd/Sites/auth/pwdb Ie., it is triggered of the presence of these special Auth options. Similarly, the authzhandler only get called if other appropriate options for it are defined. Your SSL stuff doesn't seem to fit under that model and so the handlers may simply not be getting called. > Does this possibly mean that the authen/authz handlers are not called > at all in my configuration? Should I use a different handler and > which? Or did I simply mess up something else? Try adding a req.log_error() call in the handlers to see if they get called or not. Message will be in the Apache error log file. Does your code work if you move what you have in the authenhandler into the start of your actual handler function? Ie., does the concept at least work? As a fudge, you could always stick it in the accesshandler, which from memory is always called if defined. Graham
|