On Fri, Jul 4, 2008 at 5:43 AM, Müller Johannes
<Johannes.Mueller@???> wrote:
> Well, this would require quite big changes to all authentication modules, i guess.
> I think, the better way would be to skip authentication completely in mod_auth_basic in case the user is set in the request object, because the user is already authenticated somehow through mod_ssl.
Your solution 2 is not difficult at all, and you don't even really
need to use a new AuthType. Simply returning OK or DECLINED from your
new modules early ap_hook_check_user_id, and letting authz run as
normal, is sufficient for cert-based auth.
--
Eric Covener
covener@???
