Lennart Regebro lennart@regebro.nu
Tue, 03 Jun 2003 11:18:11 +0200

Bill wrote:
> On another semi-related issue - how does one pass the certificate
> generated by apache to the Zserver for a kind of "single signon"?

Well, you don't pass the certificate, you pass the certificate 
information. This is done via environment variables named stuff like 
SSL_CLIENT_I_DN_CN and other cryptic names, and can only be done with 
CGI. So you'll need to setup Apache and Zope to use CGI. Luckily, you 
can use the normal Apache CGI, since the patches made by Zope com are 
only there to pass http login information, and you don't need that.

Then you need to use that information from the SSL_* variables to login. 
This can be done in various ways, by modyfying the Cookie Crumbler or by 
making modified versions of the user folder.