Bug#111262: marked as done (SSLFakeAuth doesn\'t work)
Your message dated Tue, 21 Oct 2003 14:00:19 +0100
with message-id <20031021130019.GC18370@parcelfarce.linux.theplanet.co.uk>
and subject line closing
has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere. Please contact me immediately.)
Debian bug tracking system administrator
(administrator, Debian Bugs database)
--------------------------------------
Received: (at submit) by bugs.debian.org; 4 Sep 2001 22:45:26 +0000
>From weaves@ee.ucl.ac.uk Tue Sep 04 17:45:26 2001
Return-path: <weaves@ee.ucl.ac.uk>
Received: from picard.ee.ucl.ac.uk [128.40.42.82]
by master.debian.org with esmtp (Exim 3.12 1 (Debian))
id 15eOwb-0003pq-00; Tue, 04 Sep 2001 17:45:22 -0500
Received: from reblochon.ee.ucl.ac.uk (reblochon [128.40.42.180])
by picard.ee.ucl.ac.uk (8.9.3+Sun/8.9.1) with ESMTP id XAA18768;
Tue, 4 Sep 2001 23:45:15 +0100 (BST)
Received: from dave-r.r.ee.ucl.ac.uk
([192.168.1.16] helo=dave.b.ee.ucl.ac.uk ident=mail)
by reblochon.ee.ucl.ac.uk with esmtp (Exim 3.12 #1 (Debian))
id 15eOwV-0002oa-00; Tue, 04 Sep 2001 23:45:15 +0100
Received: from weaves by dave.b.ee.ucl.ac.uk with local (Exim 3.12 #1 (Debian))
id 15eOwR-0000QU-00; Tue, 04 Sep 2001 23:45:11 +0100
From: Walter Eaves <weaves@ee.ucl.ac.uk>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: SSLFakeAuth doesn\'t work
Message-Id: <E15eOwR-0000QU-00@dave.b.ee.ucl.ac.uk>
Sender: Walter Eaves <weaves@dave.g.ee.ucl.ac.uk>
Date: Tue, 04 Sep 2001 23:45:11 +0100
X-BadReturnPath: weaves@dave.g.ee.ucl.ac.uk rewritten as weaves@ee.ucl.ac.uk
using "From" header
Delivered-To: submit@bugs.debian.org
Package: apache-ssl
Version: 1.3.9.13-2
Severity: important
Hello,
httpd.conf says
# Translate the client X509 into a Basic authorisation. This means that the
# standard Auth/DBMAuth methods can be used for access control. The user name
# is the "one line" version of the client's X509 certificate. Note that no
# password is obtained from the user. Every entry in the user file needs this
# password: xxj31ZMTZzkVA. See the code for further explanation.
SSLFakeBasicAuth
and this should allow me to log on without having to give a password
in a BasicAuth dialogue.
so I have set up a VirtualHost
<VirtualHost ra.b.ee.ucl.ac.uk:4443>
ServerAdmin webmaster@ra.b.ee.ucl.ac.uk
DocumentRoot /var/local/www-ra
ServerName ra.b.ee.ucl.ac.uk
ErrorLog /var/log/apache-ssl/ra.b.ee.ucl.ac.uk-error.log
TransferLog /var/log/apache-ssl/ra.b.ee.ucl.ac.uk-access.log
CustomLog /var/log/apache-ssl/ra.b.ee.ucl.ac.uk-custom.log full
CustomLog /var/log/apache-ssl/ra.b.ee.ucl.ac.uk-ssl-custom.log "%t %{version}c %
{cipher}c %{clientcert}c"
SSLFakeBasicAuth
SSLVerifyDepth 10
SSLVerifyClient 2
SSLEnable
SSLCACertificateFile /etc/apache-ssl/cacert.pem
SSLCertificateFile /etc/apache-ssl/ra.pem
ScriptAlias /cgi-bin/ /var/local/cgi-ra/
</VirtualHost>
The server does request the certificate and the ssl-custom.log does
record me as visiting the site
[04/Sep/2001:22:42:59 +0100] SSL3 RC4-MD5 /C=GB/ST=England/L=London/O=UCL/OU=EE/
CN=Walter Eaves/Email=weaves@ee.ucl.ac.uk
[04/Sep/2001:22:42:59 +0100] SSL3 RC4-MD5 /C=GB/ST=England/L=London/O=UCL/OU=EE/
CN=Walter Eaves/Email=weaves@ee.ucl.ac.uk
I believe I have the right information in my htpasswd file (it does
ask for authorisation).
"/C=GB/ST=England/L=London/O=UCL/OU=EE/CN=Walter Eaves/Email=weaves@ee.ucl.ac.uk:xxj31ZMTZzkVA"
/C=GB/ST=England/L=London/O=UCL/OU=EE/CN=Walter Eaves/Email=weaves@ee.ucl.ac.uk:xxj31ZMTZzkVA
I've tried a number of quoting options suggested by www.apache-ssl.org
mailing archive list.
But still no unprompted logon.
-- System Information
Debian Release: 2.2
Architecture: i386
Kernel: Linux dave 2.2.18pre21 #1 Sat Nov 18 18:47:15 EST 2000 i686
Versions of packages apache-ssl depends on:
ii apache-common 1.3.9-13.2 Support files for all Apache webse
ii libc6 2.1.3-18 GNU C Library: Shared libraries an
ii libdb2 2:2.4.14-2.7.7.1.c The Berkeley database routines (ru
ii libgdbmg1 1.7.3-26.2 GNU dbm database routines (runtime
ii libssl09 0.9.4-5 SSL shared libraries
ii mime-support 3.9-1 MIME files 'mime.types' & 'mailcap
ii openssl 0.9.4-5 Secure Socket Layer and related cr
ii perl-5.005 [perl5] 5.005.03-7.1 Larry Wall's Practical Extracting
---------------------------------------
Received: (at 111262-close) by bugs.debian.org; 21 Oct 2003 13:00:20 +0000
>From willy@www.linux.org.uk Tue Oct 21 08:00:19 2003
Return-path: <willy@www.linux.org.uk>
Received: from parcelfarce.linux.theplanet.co.uk (www.linux.org.uk) [195.92.249.252]
by master.debian.org with esmtp (Exim 3.35 1 (Debian))
id 1ABw7X-0002oY-00; Tue, 21 Oct 2003 08:00:19 -0500
Received: from willy by www.linux.org.uk with local (Exim 4.22)
id 1ABw7X-00063y-6Q
for 111262-close@bugs.debian.org; Tue, 21 Oct 2003 14:00:19 +0100
Date: Tue, 21 Oct 2003 14:00:19 +0100
From: Matthew Wilcox <willy@debian.org>
To: 111262-close@bugs.debian.org
Subject: closing
Message-ID: <20031021130019.GC18370@parcelfarce.linux.theplanet.co.uk>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.4.1i
Sender: <willy@www.linux.org.uk>
Delivered-To: 111262-close@bugs.debian.org
X-Spam-Status: No, hits=0.0 required=4.0
tests=none
version=2.53-bugs.debian.org_2003_10_21
X-Spam-Level:
X-Spam-Checker-Version: SpamAssassin 2.53-bugs.debian.org_2003_10_21 (1.174.2.15-2003-03-30-exp)
Thom asked for feedback 3 months ago, and no reply. So I'm closing this bug.
--
"It's not Hollywood. War is real, war is primarily not about defeat or
victory, it is about death. I've seen thousands and thousands of dead bodies.
Do you think I want to have an academic debate on this subject?" -- Robert Fisk
Reply to: