On Fri, 15 Dec 2000, Mayers, Philip J wrote:
We've got a bespoke application for storing our (very large) user account database here. One field a user can have is a crypted unix password (which I'm currently using to authenticate users). The other thing that can exist is the Subject or SubjectAltName of an SSL certificate suitable for client web authentication.
Apache will validate the certificate for me (by passing a valid CA cert to its configuration) and I'm running over PCGI, so by the time we get into Zope, we can "TRUST" the SSL_CLIENT_S_DN and SSL_CLIENT_I_DN values passed in. What's the next step?
What might possibly help you:

* Look into mod_ssl's FakeBasicAuth feature
* Look at those How-Tos:
  http://www.zope.org/Members/unfo/apache_zserver_ssl
  http://www.zope.org/Members/Roug/certificate_mapping

Regards,
Stefan
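
An added example, not part of the original thread and not code from Zope or mod_ssl: one way the application side could map the certificate variables to an account. It assumes Apache also exports SSL_CLIENT_VERIFY (mod_ssl's verification result) alongside the two DN variables; ACCOUNTS, TRUSTED_ISSUER_DN, normalize_dn and lookup_user are hypothetical names, and all DNs are constructed sample data.

```python
# Added example: resolve a login from mod_ssl's client-certificate variables.
# All names and DNs below are hypothetical / constructed for illustration.

TRUSTED_ISSUER_DN = "/C=GB/O=Example University/CN=Example Client CA"

# Constructed account table: login -> subject DN stored with the account.
ACCOUNTS = {
    "pjm": "/C=GB/O=Example University/CN=P Mayers/emailAddress=pjm@example.org",
    "guest": None,  # password-only account, no certificate registered
}


def normalize_dn(dn):
    """Turn a slash-separated DN into a tuple of (attribute, value) pairs.

    Attribute names are lower-cased so 'Email' and 'emailAddress' style case
    differences do not matter. Values containing '/' are not supported by
    this simple splitter and would need a real DN parser.
    """
    pairs = []
    for rdn in dn.strip().split("/"):
        if not rdn:
            continue
        if "=" not in rdn:
            raise ValueError("malformed DN component: %r" % rdn)
        key, value = rdn.split("=", 1)
        pairs.append((key.strip().lower(), value.strip()))
    return tuple(pairs)


def lookup_user(environ, accounts=ACCOUNTS, issuer=TRUSTED_ISSUER_DN):
    """Return the login for the presented certificate, or None."""
    # Only accept DNs the web server says it verified.
    if environ.get("SSL_CLIENT_VERIFY") != "SUCCESS":
        return None
    subject = environ.get("SSL_CLIENT_S_DN")
    presented_issuer = environ.get("SSL_CLIENT_I_DN")
    if not subject or not presented_issuer:
        return None
    try:
        # Pin the issuer: a subject DN is only unique within one CA.
        if normalize_dn(presented_issuer) != normalize_dn(issuer):
            return None
        wanted = normalize_dn(subject)
    except ValueError:
        return None
    matches = [login for login, dn in accounts.items()
               if dn and normalize_dn(dn) == wanted]
    # Refuse ambiguous mappings instead of picking one.
    return matches[0] if len(matches) == 1 else None
```

The variables are only trustworthy if nothing but the Apache front end can reach the Zope process, since any other client could set them itself.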