Apache 2, web services, SSL and authentication

[VinzC]

Hi.

I have an Apache 2 web server and I'd like to setup a web service on the same server machine. The machine is connected - using 2 network interfaces - to the LAN and to the Internet. Access to the web service should require SSL authentication, while the web server is publicly accessible.

Each web service client should have a certificate for SSL authentication against the web service. The web service should be allowed to edit files on the web server for content management.

• Is it possible to have the web services run under a different account than Apache 2? Or is there a way for the web service to spawn a process under a given user account?
  
• Since my web service clients must authenticate with SSL certificates, can such a certificate and the user account (under which the web service runs) be somehow linked?

Note that I'd like my web clients *not* to supply a user ID/password since they are already authenticated against the web service using their certificate. The web service should either run under the same user account or spawn a process under a user account that is based on or gathered from the client SSL certificate - in a similar way as SSH with private/public key pairs.

Thanks for any hint/suggestion.
_________________
Gentoo addict: tomorrow I quit, I promise!... Just one more emerge...
1739!

[VinzC]

Nobody cares?
_________________
Gentoo addict: tomorrow I quit, I promise!... Just one more emerge...
1739!