[Zope] LoginManager and SSL client authentication

Stefan H. Holek stefan@epy.co.at
Sat, 16 Dec 2000 19:45:37 +0100 (CET)


On Fri, 15 Dec 2000, Mayers, Philip J wrote:

> We've got a bespoke application for storing our (very large) user account
> database here. One field a user can have is a crypted unix password (which
> I'm currently using to authenticate users). The other thing that can exist
> is the Subject or SubjectAltName of an SSL certificate suitable for client
> web authentication.
 
> Apache will validate the certificate for me (by passing a valid CA cert to
> it's configuration) and I'm running over PCGI, so by the time we get into
> Zope, we can "TRUST" the SSL_CLIENT_S_DN and SSL_CLIENT_I_DN values passed
> in. What's the next step?

What might possibly help you:

* Look into mod_ssl's FakeBasicAuth feature

* Look at those How-Tos:
http://www.zope.org/Members/unfo/apache_zserver_ssl
http://www.zope.org/Members/Roug/certificate_mapping

Regards,
Stefan