|
Eric Jonas
jonas at cortical.mit.edu
Tue May 24 17:18:05 EDT 2005
Hello! I've been using trac, a nice python integrated
bug-tracker/wiki/source browser, and recently an apt-get update/upgrade
broke SSLUserName on apache 2.0.54. I'm trying to figure out what the
problem might be.
SSLUserName is used on apache to substitute some substring of a
certificate's full DN as the req.user username that is then used by
modules. For example, with the following in my config file:
<Directory /soma/www/pytest>
AddHandler mod_python .py
PythonHandler mptest
PythonDebug On
SSLRequireSSL
SSLVerifyClient require
SSLVerifyDepth 5
SSLUserName SSL_CLIENT_S_DN_CN
SSLOptions +FakeBasicAuth
AuthName "Authentication"
AuthType Basic
AuthUserFile /foo/httpd.password
require valid-user
</Directory>
And a test file,
from mod_python import apache
import os
def handler(req):
req.content_type = "text/plain"
outstr = "USER IS %s" % req.user
req.write(outstr)
return apache.OK
I should get
USER IS Eric M Jonas
But instead get:
USER IS /C=US/ST=Massachusetts/O=Massachusetts Institute of
Technology/OU=Client CA v1/CN=Eric M Jonas/emailAddress=jonas at MIT.EDU
This is really unfortunate because the full /C=US(etc) string sucks from
a usability point of view, and I swear this was working in 2.0.52. Has
anyone else experienced this sort of problem?
Thanks,
...Eric
|