Last change
on this file since 1820 was
1648,
checked in by ezyang, 15 years ago
|
Add cluedump slide sources to Subversion.
|
File size:
1.5 KB
|
Rev | Line | |
---|
[1648] | 1 | \subsection{Apache modules} |
---|
| 2 | |
---|
| 3 | \begin{frame}[fragile] |
---|
| 4 | \frametitle{Apache modules} |
---|
| 5 | \begin{itemize} |
---|
| 6 | \item We make it easy to do authentication against MIT certificates. |
---|
| 7 | \item Both \texttt{https://scripts-cert.mit.edu}, and port |
---|
| 8 | \texttt{444} on any scripts hostname, are configured to request |
---|
| 9 | client certificates. |
---|
| 10 | \item \texttt{mod\_ssl} provides the |
---|
| 11 | \texttt{SSL\_CLIENT\_S\_DN\_Email} environment variable, but does |
---|
| 12 | not integrate with the Apache authentication and authorization |
---|
| 13 | framework. |
---|
| 14 | \item Wrote a collection of Apache modules to make this cleaner. |
---|
| 15 | \end{itemize} |
---|
| 16 | \end{frame} |
---|
| 17 | |
---|
| 18 | \begin{frame}[fragile] |
---|
| 19 | \frametitle{\texttt{mod\_auth\_sslcert}} |
---|
| 20 | \begin{itemize} |
---|
| 21 | \item \texttt{mod\_auth\_sslcert} passes the |
---|
| 22 | \texttt{SSL\_CLIENT\_S\_DN\_Email} variable to the Apache |
---|
| 23 | authorization handlers. |
---|
| 24 | \end{itemize} |
---|
| 25 | \begin{semiverbatim} |
---|
| 26 | AuthType SSLCert |
---|
| 27 | AuthSSLCertVar SSL_CLIENT_S_DN_Email |
---|
| 28 | AuthSSLCertStripSuffix "@MIT.EDU" |
---|
| 29 | \end{semiverbatim} |
---|
| 30 | \end{frame} |
---|
| 31 | |
---|
| 32 | \begin{frame}[fragile] |
---|
| 33 | \frametitle{\texttt{mod\_authz\_afsgroup}} |
---|
| 34 | \begin{itemize} |
---|
| 35 | \item \texttt{mod\_authz\_afsgroup} does Apache authorization based |
---|
| 36 | on AFS groups. |
---|
| 37 | \end{itemize} |
---|
| 38 | \begin{semiverbatim} |
---|
| 39 | Require afsgroup system:scripts-team |
---|
| 40 | \end{semiverbatim} |
---|
| 41 | \end{frame} |
---|
| 42 | |
---|
| 43 | \begin{frame}[fragile] |
---|
| 44 | \frametitle{\texttt{mod\_auth\_optional}} |
---|
| 45 | \begin{itemize} |
---|
| 46 | \item \texttt{mod\_auth\_optional} subverts the authorization |
---|
| 47 | process to allow you to serve different pages to users with |
---|
| 48 | certificates and users without certificates. |
---|
| 49 | \end{itemize} |
---|
| 50 | \end{frame} |
---|
Note: See
TracBrowser
for help on using the repository browser.