mod auth trustheader

We have hosted the application mod auth trustheader in order to run this application in our online workstations with Wine or directly.

Quick description about mod auth trustheader:

Mostly copied from mod_auth_basic of apache-2.2.

The basic-auth handshake was replaced by some code which gets the userid out of a customable variable. The variable could be anything ap_expr could read in authentication hook, e.g.: a header field, a httpd environment variable or an SSL environment variable. The syntax is the same known from RewriteCond of mod_rewrite: e.g.: %{HTTP: variable}, %{ENV: variable} or %{SSL: variable}

No password is written into internal httpd variables. So the authentication has to be validated by mod_authn_anon.
For authorisation any of the authz standard modules could be used.

Features:

• accept authentification of a an other server (e.g. reverse proxy)
• accept authentification by trusting HTTP Header variable
• accept authentification by trusting Environment variable
• accept authentification by trusting SSL variable (e.g. SSL_CLIENT_M_SERIAL)

Audience: System Administrators, Other Audience, Security Professionals, Security.

Programming Language: C.

.