2.3.160 SSLFakeBasicAuth
SSLFakeBasicAuth specifies to enable basic authentication by using the client certificate.
Description
Along with SSL client authentication, SSLFakeBasicAuth specifies to enable basic authentication by using only the client certificate, even if the user ID and password are not entered in the web browser. The file specified in the AuthUserFile directive must contain Subject and the password of the X509 client certificate. The password is fixed to the following value (generated by encrypting "password"):
"{SHA}W6ph5Mm5Pz8GgiULbPgzG37mj9g="
Syntax
SSLFakeBasicAuth
Locations where it can be written
httpsd.conf and <VirtualHost>
Example
- The value of the Subject field in the certificate that is displayed by the hwscertutil command is as follows:
-
Subject: EMAIL=username@userhost,CN=username,OU=Software,O=HITACHI, L=Yokohama-shi,ST=Kanagawa,C=JP
In this case, the file to be specified by the AuthUserFile directive is as follows:
/C=JP/ST=Kanagawa/L=Yokohama-shi/O=HITACHI/OU=Software/CN=username
/Email=username@userhost:{SHA}W6ph5Mm5Pz8GgiULbPgzG37mj9g=
The value of Subject is recorded in a log if u is specified in the LogFormat directive.
If authentication fails, the status code 401 Authorization Required is returned.