[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [phpGroupWare-users] login.php Auth with X509 Client Certificates
From: |
Dave Hall |
Subject: |
Re: [phpGroupWare-users] login.php Auth with X509 Client Certificates |
Date: |
Tue, 09 Jan 2007 18:15:45 +1100 |
On Mon, 2007-01-08 at 19:04 -0600, Chris Weiss wrote:
> On 1/8/07, Markus Mayer wrote:
> > I've seen that u have already done some workaround reading digital
> certificates in login.php, the email and the DN are delivered as
> username and password to the auth module but not compared to the
> database (the db fields anyway would be too short for my email and dn
> information).
>
>
> that code is very old, I'm not sure anyone active knows what the
> intent was. maybe the implenetor had less requirements, or maybe the
> accounts schema has changed.
I have some idea of what it does :)
It was designed to work something like this
You issue client side certs to your users
The accounts exist in the accounts table
If the user presents a valid cert they are logged in. If they don't
have a cert they can use the normal user/pass combo on the login screen.
The validation of the certs is handled by mod_ssl.
It should be pretty easy to modify the code to use LDAP as the backend
instead of SQL. If you need help, ask on the dev list and we will try
to help you.
Cheers
Dave
--
Dave Hall (aka skwashd)
API Coordinator
phpGroupWare
e address@hidden
w phpgroupware.org
j address@hidden
sip address@hidden
_ ____ __ __
_ __ | |__ _ __ / ___|_ __ ___ _ _ _ _\ \ / /_ _ _ __ ___
| '_ \| '_ \| '_ \| | _| '__/ _ \| | | | '_ \ \ /\ / / _` | '__/ _ \
| |_) | | | | |_) | |_| | | | (_) | |_| | |_) \ V V / (_| | | | __/
| .__/|_| |_| .__/ \____|_| \___/ \__,_| .__/ \_/\_/ \__,_|_| \___|
|_| |_| |_|Web based collaboration platform