#
# Strong Extranet Module for Apache-SSL
#

Requires: Apache-1.3.1+SSL1.23
File: mod_sxnet.c

This module implements the Thawte Strong Extranet for Apache-SSL
web server. 

To build it:

   - change to apache_1.3.1/src/modules
   - tar zxf sxnet.tar.gz
   - change to the apache_1.3.1/src directory
   - insert a new line into ./Configuration:
     "AddModule modules/sxnet/mod_sxnet.o" (without the "")
   - run ./Configure
   - make clean; make
   - your new server is ./httpsd

Using the module:

   The module adds the following directives:

       AuthType           StrongExtranet
       SXNetZone          a number   (the zone number)
       SXNetGroupFile     /path/to/groups/file
       SXNetB64EncodeID   on/off

   "AuthType StrongExtranet" tells the server to use Strong Extranet
   Authentication in that directory. It's the equivalent of
   "AuthType Basic" or "AuthType Digest". Note that you need to
   have turned ON client certificate requesting, and set the CA
   details, as part of normal SSL configuration.

   The SXNetZone is a single integer.  It defines the zone in which
   the client has to have an ID in order to gain access to the directory.
   The Thawte ACME Test Zone is 2, so use that for demos.

   The SXNetGroupFile is a file that can be used to put users in groups,
   just like the standard Basic authentication mechanism.

   SXNetB64EncodeID allows you to have the ID base64 encoded before it
   is put into the REMOTE_USER CGI variable. Use this if your ID can be
   8-bit.

Example:

The following configuration snippet will setup the server to require
that client certs have the StrongExtranet extension, with an ID in
zone 23 embedded:

   <Directory />
   AuthType StrongExtranet
   AuthName Test Extranet
   SXNetB64EncodeID on
   SXNetZone 23
   SXNetGroupFile /etc/httpsd/groups
   require valid-user
   </Directory>