On Fri, Dec 15, 2000 at 11:42:23AM -0000, Mayers, Philip J wrote:
> How would I go about making LoginManager authenticate them on the basis of the certificate subject?
> Apache will validate the certificate for me (by passing a valid CA cert to its configuration) and I'm running over PCGI, so by the time we get into Zope, we can "TRUST" the SSL_CLIENT_S_DN and SSL_CLIENT_I_DN values passed in. What's the next step?

ZServerSSL did this with Zope in "remote user" mode. Upon successful client cert verification, ZServerSSL maps the subject DN to a Zope username and sets REMOTE_USER accordingly. Zope's REMOTE_USER machinery took care of the rest.

This was on 2.1.x. I've not had time to test ZServerSSL with 2.2.x.

ZServerSSL is here:

http://www.post1.com/home/ngps/zope/zssl

Cheers.

--
Ng Pheng Siong <ngps@post1.com> * http://www.post1.com/home/ngps
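
Added example (not part of the original message, and not ZServerSSL or LoginManager code): one way to do the DN-to-username mapping described above, keyed on issuer and subject DN together so that a same-named certificate from a different trusted CA does not map to the user. The `SSL_CLIENT_VERIFY` check, the slash-separated DN format, the table contents and the function names are assumptions.

```python
# Added example: hypothetical helper, not ZServerSSL or LoginManager code.
# Constructed table: (issuer DN, subject DN) -> Zope username.
DN_TO_USER = {
    ("/C=GB/O=Example CA/CN=Example Root CA",
     "/C=GB/O=Example Org/CN=Alice Example"): "alice",
}

def parse_dn(dn):
    """Split a '/C=GB/O=...' style DN into ((ATTR, value), ...), failing closed."""
    if not dn.startswith("/"):
        raise ValueError("unexpected DN format")
    pairs = []
    for part in dn[1:].split("/"):
        attr, sep, value = part.partition("=")
        if not (sep and attr and value):
            raise ValueError("malformed DN component")
        pairs.append((attr.upper(), value))  # values are compared exactly
    return tuple(pairs)

# Index by parsed DNs so attribute-name case does not affect matching.
_INDEX = {(parse_dn(i), parse_dn(s)): u for (i, s), u in DN_TO_USER.items()}

def map_remote_user(environ):
    """Return a copy of environ whose REMOTE_USER comes only from the verified cert."""
    env = dict(environ)
    env.pop("REMOTE_USER", None)  # never inherit a value we did not derive here
    if env.get("SSL_CLIENT_VERIFY") != "SUCCESS":  # assumed to be exported by the front end
        return env
    try:
        key = (parse_dn(env["SSL_CLIENT_I_DN"]), parse_dn(env["SSL_CLIENT_S_DN"]))
    except (KeyError, ValueError):
        return env  # missing or malformed DN: no user
    user = _INDEX.get(key)
    if user is not None:
        env["REMOTE_USER"] = user
    return env
```
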