problem with https server

[jimberger]

Hello,

I have implemented a https server with modssl. I have made it so users can present a certificate - but if not then they can present an LDAP password - using the satisfy any directive. This works fine, when the user goes to a restricted area, they get prompted for the certificate - if they do not present one then they get promoted for LDAP password. If they enter their LDAP password they get authorised - however the problem is that when they visit any more pages after the inital authentication they they still get promoted for the certificate - is they any way of telling the server to stop promoting for certifcates once authenticated?

any suggestions are welcome.

thanks

 

[ifincham]

Hi,

Maybe you can use SetEnvIf for this. The Remote_User variable should be populated if a user is authenticated. So a line like this should be able to set the value on an environment varaible depending on whether the user has been authenticated :

SetEnvIfNoCase Remote_User "^$" invaliduser

You would then use that in each (sub) directory container like this :

<Directory /Whatever>
SetEnvIfNoCase Remote_User &quot;^$&quot; invaliduser
order deny,allow
deny from all
allow from env=!invaliduser
</Directory>

I think that should work but it depends on whats in Remote_user ...

Regards