3 Aug
2009
3 Aug
'09
7:02 a.m.
On Sat, 2009-07-18 at 00:12 +0200, Christian Felsing wrote:
is there a config possible which supports both of following authentication schemes ?
1st: If user presents a client certificate, he can log in w/o username/password, where user id comes from CN. Accepting any password is not the right solution.
What do you mean by the last sentence? Do you expect there to be a difference between logging in without a password or with any password?
2nd: If user does not present a client certificate, he have to authenticate by username/password.
%k variable contains "valid" if client had sent a valid SSL cert. With checkpassword or sql passdb that should be enough, I think. With LDAP passdb you'd have to do something ugly.