Posted to dev@httpd.apache.org by "Thomas, Peter" <pt...@HPTI.com> on 2010/03/26 21:06:30 UTC

AuthType Certificate integration completed; patch forthcoming

All:

I just completed an end-to-end test demonstrating authentication and
simple ["Require valid-user"] authorization mapping an X.509 certificate
to an LDAP entry using my new "mod_auth_cert" module.  The module
implements "AuthType Certificate."  I believe the Require ldap-*
directives will work as well.  (I didn't have to make any changes in the
authorization side of mod_authnz_ldap.c.)  By extending mod_authnz_ldap,
I've avoided the limitations of various 3rd party solutions such as
dependence upon specific LDAP schemas.  The only requirement my solution
imposes is that an attribute in the user's LDAP entry must match the
subject of their SSL client certificate. In support of that
requirement--at least as implemented in my environment--I'm also adding
a new optional flag to mod_ssl that will render the certificate subject
in RFC 2253 [XN_FLAGS_RFC2253] format.  (By default the current
[reversed DN, slash-delimited] rendering of the certificate subject will
be used.)

I have to go through some machinations to move the patch from my
integration test environment out to the Internet for posting to
bugzilla.  Once I do, I'll at least take a stab at adding documentation
and update my existing feature request with the final proposed patch.

--Pete
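An added example, not part of the mod_auth_cert patch or of mod_ssl, illustrating the matching requirement described in the post: it converts mod_ssl's legacy reversed, slash-delimited subject rendering into RFC 2253 form and compares it with the value held in the user's LDAP entry. It assumes the legacy rendering contains no literal "/" inside attribute values (that ambiguity is one reason to prefer RFC 2253) and that the LDAP attribute already stores an RFC 2253 string.

```python
# Illustration only; not code from mod_auth_cert, mod_ssl or mod_authnz_ldap.
# Assumption: legacy values contain no literal '/', so splitting on '/' is safe.

# Characters that RFC 2253 section 2.4 requires to be backslash-escaped in a value.
_RFC2253_SPECIAL = set(',+"\\<>;')


def split_legacy_dn(legacy):
    """Parse "/C=US/O=Example/CN=Pete" into [("C", "US"), ("O", "Example"), ("CN", "Pete")]."""
    rdns = []
    for part in legacy.split('/'):
        if not part:                      # leading '/' yields an empty first element
            continue
        if '=' not in part:
            raise ValueError("malformed RDN component: %r" % part)
        attr, value = part.split('=', 1)
        rdns.append((attr, value))
    return rdns


def rfc2253_escape(value):
    """Escape one attribute value as RFC 2253 section 2.4 requires."""
    out = []
    last = len(value) - 1
    for i, ch in enumerate(value):
        if ch in _RFC2253_SPECIAL:
            out.append('\\' + ch)
        elif ch == ' ' and (i == 0 or i == last):
            out.append('\\ ')             # leading/trailing spaces must be escaped
        elif ch == '#' and i == 0:
            out.append('\\#')             # a leading '#' would otherwise mean hex encoding
        else:
            out.append(ch)
    return ''.join(out)


def legacy_to_rfc2253(legacy):
    """Legacy form lists RDNs root-first; RFC 2253 lists them leaf-first, comma-separated."""
    rdns = split_legacy_dn(legacy)
    return ','.join('%s=%s' % (attr, rfc2253_escape(value))
                    for attr, value in reversed(rdns))


def subject_matches_ldap_attr(legacy_subject, ldap_value):
    """The check the post relies on: the certificate subject, rendered in RFC 2253
    form, must equal the attribute stored in the user's LDAP entry.  Exact string
    comparison is used here; a directory's distinguishedNameMatch rule is more lenient."""
    return legacy_to_rfc2253(legacy_subject) == ldap_value


if __name__ == '__main__':
    # Constructed sample subject, as mod_ssl's legacy rendering would present it.
    print(legacy_to_rfc2253('/C=US/O=Example, Inc./CN=Pete Thomas'))
```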