Last change
on this file since 1673 was
1648,
checked in by ezyang, 14 years ago
|
Add cluedump slide sources to Subversion.
|
File size:
1.5 KB
|
Line | |
---|
1 | \subsection{Apache modules} |
---|
2 | |
---|
3 | \begin{frame}[fragile] |
---|
4 | \frametitle{Apache modules} |
---|
5 | \begin{itemize} |
---|
6 | \item We make it easy to do authentication against MIT certificates. |
---|
7 | \item Both \texttt{https://scripts-cert.mit.edu}, and port |
---|
8 | \texttt{444} on any scripts hostname, are configured to request |
---|
9 | client certificates. |
---|
10 | \item \texttt{mod\_ssl} provides the |
---|
11 | \texttt{SSL\_CLIENT\_S\_DN\_Email} environment variable, but does |
---|
12 | not integrate with the Apache authentication and authorization |
---|
13 | framework. |
---|
14 | \item Wrote a collection of Apache modules to make this cleaner. |
---|
15 | \end{itemize} |
---|
16 | \end{frame} |
---|
17 | |
---|
18 | \begin{frame}[fragile] |
---|
19 | \frametitle{\texttt{mod\_auth\_sslcert}} |
---|
20 | \begin{itemize} |
---|
21 | \item \texttt{mod\_auth\_sslcert} passes the |
---|
22 | \texttt{SSL\_CLIENT\_S\_DN\_Email} variable to the Apache |
---|
23 | authorization handlers. |
---|
24 | \end{itemize} |
---|
25 | \begin{semiverbatim} |
---|
26 | AuthType SSLCert |
---|
27 | AuthSSLCertVar SSL_CLIENT_S_DN_Email |
---|
28 | AuthSSLCertStripSuffix "@MIT.EDU" |
---|
29 | \end{semiverbatim} |
---|
30 | \end{frame} |
---|
31 | |
---|
32 | \begin{frame}[fragile] |
---|
33 | \frametitle{\texttt{mod\_authz\_afsgroup}} |
---|
34 | \begin{itemize} |
---|
35 | \item \texttt{mod\_authz\_afsgroup} does Apache authorization based |
---|
36 | on AFS groups. |
---|
37 | \end{itemize} |
---|
38 | \begin{semiverbatim} |
---|
39 | Require afsgroup system:scripts-team |
---|
40 | \end{semiverbatim} |
---|
41 | \end{frame} |
---|
42 | |
---|
43 | \begin{frame}[fragile] |
---|
44 | \frametitle{\texttt{mod\_auth\_optional}} |
---|
45 | \begin{itemize} |
---|
46 | \item \texttt{mod\_auth\_optional} subverts the authorization |
---|
47 | process to allow you to serve different pages to users with |
---|
48 | certificates and users without certificates. |
---|
49 | \end{itemize} |
---|
50 | \end{frame} |
---|
Note: See
TracBrowser
for help on using the repository browser.