| Last change
                  on this file since 1960 was
                  1648,
                  checked in by ezyang, 15 years ago | 
        
          | Add cluedump slide sources to Subversion. | 
        | File size:
            1.5 KB | 
      
      
        
  | Line |  | 
|---|
| 1 | \subsection{Apache modules} | 
|---|
| 2 |  | 
|---|
| 3 | \begin{frame}[fragile] | 
|---|
| 4 | \frametitle{Apache modules} | 
|---|
| 5 | \begin{itemize} | 
|---|
| 6 | \item We make it easy to do authentication against MIT certificates. | 
|---|
| 7 | \item Both \texttt{https://scripts-cert.mit.edu}, and port | 
|---|
| 8 | \texttt{444} on any scripts hostname, are configured to request | 
|---|
| 9 | client certificates. | 
|---|
| 10 | \item \texttt{mod\_ssl} provides the | 
|---|
| 11 | \texttt{SSL\_CLIENT\_S\_DN\_Email} environment variable, but does | 
|---|
| 12 | not integrate with the Apache authentication and authorization | 
|---|
| 13 | framework. | 
|---|
| 14 | \item Wrote a collection of Apache modules to make this cleaner. | 
|---|
| 15 | \end{itemize} | 
|---|
| 16 | \end{frame} | 
|---|
| 17 |  | 
|---|
| 18 | \begin{frame}[fragile] | 
|---|
| 19 | \frametitle{\texttt{mod\_auth\_sslcert}} | 
|---|
| 20 | \begin{itemize} | 
|---|
| 21 | \item \texttt{mod\_auth\_sslcert} passes the | 
|---|
| 22 | \texttt{SSL\_CLIENT\_S\_DN\_Email} variable to the Apache | 
|---|
| 23 | authorization handlers. | 
|---|
| 24 | \end{itemize} | 
|---|
| 25 | \begin{semiverbatim} | 
|---|
| 26 | AuthType SSLCert | 
|---|
| 27 | AuthSSLCertVar SSL_CLIENT_S_DN_Email | 
|---|
| 28 | AuthSSLCertStripSuffix "@MIT.EDU" | 
|---|
| 29 | \end{semiverbatim} | 
|---|
| 30 | \end{frame} | 
|---|
| 31 |  | 
|---|
| 32 | \begin{frame}[fragile] | 
|---|
| 33 | \frametitle{\texttt{mod\_authz\_afsgroup}} | 
|---|
| 34 | \begin{itemize} | 
|---|
| 35 | \item \texttt{mod\_authz\_afsgroup} does Apache authorization based | 
|---|
| 36 | on AFS groups. | 
|---|
| 37 | \end{itemize} | 
|---|
| 38 | \begin{semiverbatim} | 
|---|
| 39 | Require afsgroup system:scripts-team | 
|---|
| 40 | \end{semiverbatim} | 
|---|
| 41 | \end{frame} | 
|---|
| 42 |  | 
|---|
| 43 | \begin{frame}[fragile] | 
|---|
| 44 | \frametitle{\texttt{mod\_auth\_optional}} | 
|---|
| 45 | \begin{itemize} | 
|---|
| 46 | \item \texttt{mod\_auth\_optional} subverts the authorization | 
|---|
| 47 | process to allow you to serve different pages to users with | 
|---|
| 48 | certificates and users without certificates. | 
|---|
| 49 | \end{itemize} | 
|---|
| 50 | \end{frame} | 
|---|
       
      
      Note: See 
TracBrowser
        for help on using the repository browser.