Feedback on FakeBasicAuthRegPlugin

-- MikeMoretti - 20 Nov 2004

I did some editing of the topic (refer to %TWIKIWEB% instead of TWiki; corrected & escaped links; made examples monospaced; added signature). You can take that into the next release if you wish.

Administrators appreciate Benchmark numbers. You can use the PluginBenchmarkAddOn to measure it easily.

-- PeterThoeny - 20 Nov 2004

Interesting idea Mike, thanks for contributing it.

-- MartinCleaver - 21 Nov 2004

So far this has worked well on Apache 1.3. Apache 2 is another matter. Someone else has tested this and mentioned that it doesn't seem to work. Apache 2 puts the full client cert DN into REMOTE_USER (and expects this to be in the htpasswd file) instead of just the first part of your e-mail address. I don't know if this really is a problem or not. I don't see why TWiki couldn't use the DN as your userid. It might just be a matter of changing the registration txt file to use %ENV{SSL_CLIENT_I_DN} instead of the e-mail.

-- MikeMoretti - 14 Jan 2005

Apache 2 seems to have a few problems.

One problem is that the $ENV{xxx} variables are not available at the time that FakeBasicAuthRegPlugin.pm is executed. See http://search.cpan.org/~geoff/Apache-SSLLookup-2.00_02/SSLLookup.pm for more information. This prevents using these variables in the registration form. This is easy to work around since one can explicitly enter their identifier string as their TWiki name and fill in the registration form by hand.

The next problem is that /usr/bin/ci takes an argument '-w' which doesn't seem to handle spaces well. A typical REMOTE_USER variable using fake authentication will include spaces.

An error might look like the following:

/usr/bin/ci -q -l -m'none' -t-none -w'/C=US/ST=California/O=My Company/CN=Joe Joe/emailAddress=joe@joe.com'
'/usr/local/www/twiki/data/WebSalesOnline/ProjectList.txt' 2>&1
ci: invalid identifier `/C=US/ST=California/O=My'
ci aborted

-- ChrisMeyer - 22 Mar 2005

checked .zip into CVS

-- WillNorris - 27 Jun 2005