[Zope] LoginManager and SSL client authentication
Ng Pheng Siong
ngps@post1.com
Sat, 16 Dec 2000 00:49:10 +0800
On Fri, Dec 15, 2000 at 11:42:23AM -0000, Mayers, Philip J wrote:
> How would I go about making LoginManager authenticate them on the basis of
> the certificate subject?
>
> Apache will validate the certificate for me (by passing a valid CA cert to
> it's configuration) and I'm running over PCGI, so by the time we get into
> Zope, we can "TRUST" the SSL_CLIENT_S_DN and SSL_CLIENT_I_DN values passed
> in. What's the next step?
ZServerSSL did this with Zope in "remote user" mode.
Upon successful client cert verification, ZServerSSL maps the subject
DN to a Zope username and sets REMOTE_USER accordingly. Zope's
REMOTE_USER machinery took care of the rest.
This was on 2.1.x. I've not had time to test ZServerSSL with 2.2.x.
ZServerSSL is here:
http://www.post1.com/home/ngps/zope/zssl
Cheers.
--
Ng Pheng Siong <ngps@post1.com> * http://www.post1.com/home/ngps