Without "SSLOptions +FakeBasicAuth", Radius isn't queried at all. Using
"AuthBasicFake" does not change things (specifying it alone does not
query Radius, and specifying it additionally to SSLUsername does not
Has anyone ever made extracting a part of the DN in order to provide it
to Radius work with Apache? (Apache version in this case is 2.4.23)
Re: Client certificate authentication using Apache and mod_auth_radius
On Sep 24, 2020, at 2:28 AM, Marki <[hidden email]> wrote:
> I've tried authenticating a client certificate using Apache and aforementioned module.
> All I'm getting to work is for Apache to transmit the entire DN to Radius as username, which contains whitespace and thus doesn't work.
RADIUS doesn't care about whitespace or not.
The issue is that the mod_auth_radius module looks for username and password from the HTTP headers. If those don't exist, the module won't do anything.
In the end, this is an Apache issue. I wrote the mod_auth_radius in 1999 or so. The Apache people refused to accept it as part of the Apache project. So the module has sort of stalled in development.