Client Authentication and Access Control

Hi.

I have read the instructions at:

http://www.modssl.org/docs/2.8/ssl_howto.html#ToC9

and successfully set up a web server which runs HTTPS and requires
client certificates for authentication.

However, I am not 100% pleased with neither of the *two* methods. What I
dislike is the *user-id* part of the information that is stored in the
access log:

Method 1 (mod_auth):

The user-id field is a string converted from the *full* subject DN in the
client certificate which in my case (with Verisign class 1 certificates)
are typically 230 chars long!

Method 2 (SSLRequire):

The user-id field is just '-'.

Can I somehow configure apache/mod_ssl to only store certain elements of
the DN (e.g. the CN in the DN) as the user-id in the access-log?


One more thing with method 1: I noted that the syntax in mod_auth/AuthGroupFile
is:

mygroup: user-id1 user-id2 user-id3

i.e. using space as a separator. The user-id produced in method 1 above
contains a lot of spaces. How can this work? Using quotes?

Thanks.

Oyvin
__________________________________________________ ____________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org