| Last change
                  on this file since 1704 was
                  1648,
                  checked in by ezyang, 15 years ago | 
        
          | Add cluedump slide sources to Subversion. | 
        | File size:
            1.5 KB | 
      
      
        
  | Rev | Line |  | 
|---|
| [1648] | 1 | \subsection{Apache modules} | 
|---|
|  | 2 |  | 
|---|
|  | 3 | \begin{frame}[fragile] | 
|---|
|  | 4 | \frametitle{Apache modules} | 
|---|
|  | 5 | \begin{itemize} | 
|---|
|  | 6 | \item We make it easy to do authentication against MIT certificates. | 
|---|
|  | 7 | \item Both \texttt{https://scripts-cert.mit.edu}, and port | 
|---|
|  | 8 | \texttt{444} on any scripts hostname, are configured to request | 
|---|
|  | 9 | client certificates. | 
|---|
|  | 10 | \item \texttt{mod\_ssl} provides the | 
|---|
|  | 11 | \texttt{SSL\_CLIENT\_S\_DN\_Email} environment variable, but does | 
|---|
|  | 12 | not integrate with the Apache authentication and authorization | 
|---|
|  | 13 | framework. | 
|---|
|  | 14 | \item Wrote a collection of Apache modules to make this cleaner. | 
|---|
|  | 15 | \end{itemize} | 
|---|
|  | 16 | \end{frame} | 
|---|
|  | 17 |  | 
|---|
|  | 18 | \begin{frame}[fragile] | 
|---|
|  | 19 | \frametitle{\texttt{mod\_auth\_sslcert}} | 
|---|
|  | 20 | \begin{itemize} | 
|---|
|  | 21 | \item \texttt{mod\_auth\_sslcert} passes the | 
|---|
|  | 22 | \texttt{SSL\_CLIENT\_S\_DN\_Email} variable to the Apache | 
|---|
|  | 23 | authorization handlers. | 
|---|
|  | 24 | \end{itemize} | 
|---|
|  | 25 | \begin{semiverbatim} | 
|---|
|  | 26 | AuthType SSLCert | 
|---|
|  | 27 | AuthSSLCertVar SSL_CLIENT_S_DN_Email | 
|---|
|  | 28 | AuthSSLCertStripSuffix "@MIT.EDU" | 
|---|
|  | 29 | \end{semiverbatim} | 
|---|
|  | 30 | \end{frame} | 
|---|
|  | 31 |  | 
|---|
|  | 32 | \begin{frame}[fragile] | 
|---|
|  | 33 | \frametitle{\texttt{mod\_authz\_afsgroup}} | 
|---|
|  | 34 | \begin{itemize} | 
|---|
|  | 35 | \item \texttt{mod\_authz\_afsgroup} does Apache authorization based | 
|---|
|  | 36 | on AFS groups. | 
|---|
|  | 37 | \end{itemize} | 
|---|
|  | 38 | \begin{semiverbatim} | 
|---|
|  | 39 | Require afsgroup system:scripts-team | 
|---|
|  | 40 | \end{semiverbatim} | 
|---|
|  | 41 | \end{frame} | 
|---|
|  | 42 |  | 
|---|
|  | 43 | \begin{frame}[fragile] | 
|---|
|  | 44 | \frametitle{\texttt{mod\_auth\_optional}} | 
|---|
|  | 45 | \begin{itemize} | 
|---|
|  | 46 | \item \texttt{mod\_auth\_optional} subverts the authorization | 
|---|
|  | 47 | process to allow you to serve different pages to users with | 
|---|
|  | 48 | certificates and users without certificates. | 
|---|
|  | 49 | \end{itemize} | 
|---|
|  | 50 | \end{frame} | 
|---|
       
      
      Note: See 
TracBrowser
        for help on using the repository browser.