2

Hi I'm trying to incorporate a software to our intranet services (BackupPc)

This Software uses the environment variable REMOTE_USER to get the username. Placed under an Apache 2.2 server with Client certificate Authentication system and FakeBasicAuth enabled, REMOTE_USER gets the same value as SSL_CLIENT_S_DN, which have all the distinguished name string of the certificate.

I'm trying to set REMOTE_USER the contents of SSL_CLIENT_S_DN_CN which has a content which matches with my usernames and easyer and shorter to read.

This environment variable passed to CGI can not be changed by SetEnv and SetEnfIf. There's also a mod_ssl directive, SSLUserName but the Apache 2.2 official documentation says that it won't work with FakeBasicAuth enabled.

So I'm wondering if I'm missing something or there's a clever workarround on this issue.

I can't drop FakeBasicAuth because that's our authmodel on the rest of the intranet, And I dont want to patch the code of the application (I did it to get it working but I want to drop the patched code in favor of the official one)

theist
  • 1,199
  • 2
  • 9
  • 24

1 Answers1

1

It seems that REMOTE_USER cannot be modified by apache directives, so what about modifying BackupPc to use SSL_CLIENT_S_DN_CN variable or to set the value of REMOTE_USER in its startup code?

Community
  • 1
Jaime Soriano
  • 308
  • 3
  • 15
  • I Already did it to get it working. I'ts just a one line patch of perl code which adds this feature to BackuPc. But now I need to manatain the patched code for my system on each upgrade of BackupPc, And that is what I'm trying to avoid. – theist Apr 04 '11 at 08:49
  • That wasn't an answer, but the answer is that there's no answer. – theist Jul 19 '11 at 12:49