<div dir="ltr"><div>I found that Apache breaks out client certificate information so this is handed to the cgi scripts in the environment:</div><div><br></div><div><div> SSL_CLIENT_S_DN_CN=MITCHELL.RALPH.xxxxxxx</div></div>
<div><br></div><div>I still have the big ugly DN string in the passwd file for FakeBasicAuth to work, but with this:</div><div><br></div><div><div> REMOTE_USER="$SSL_CLIENT_S_DN_CN"</div></div><div><br></div>
in /home/xymon/server/etc/cgioptions.cfg, at least the shorter name is used for the web pages where a test is acked or disabled.<div><br></div><div>Ralph Mitchell</div><div> <div><br></div><div><div><br></div></div><div><br>
</div></div></div><div class="gmail_extra"><br><br><div class="gmail_quote">On Sat, Aug 2, 2014 at 8:12 PM, Richard L. Hamilton <span dir="ltr"><<a href="mailto:rlhamil2@gmail.com" target="_blank">rlhamil2@gmail.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">There are those who have asked for a way to transform the REMOTE_USER variable when it's used for display purposes (like in the enadis.sh CGI program). This can be perhaps more desirable when client certs are used with +FakeBasicAuth; the rather long identifying strings then used in the xymonpasswd (or comparable) file are a bit ugly.<br>
<br>
AFAIK, Apache's mod_env will not modify standard CGI environment variables; so the CGI's would have to do it. If they checked if some optional RE was in a config file, they could use that to convert REMOTE_USER into something better suited to display than e.g.<br>
/CN=CAcert WoT User/emailAddress=<a href="mailto:johndoe@nobody.com">johndoe@nobody.com</a><br>
(trivial example of what a free cert from CAcert might show up as); or there could be a file that just mapped REMOTE_USER values to display names.<br>
<br>
Overkill, or worthwhile? :-)<br>
<br>
<br>
<br>
<br>
<br>
_______________________________________________<br>
Xymon mailing list<br>
<a href="mailto:Xymon@xymon.com">Xymon@xymon.com</a><br>
<a href="http://lists.xymon.com/mailman/listinfo/xymon" target="_blank">http://lists.xymon.com/mailman/listinfo/xymon</a><br>
</blockquote></div><br></div>