[cvs] [Wiki] changed: HordeSSLAuthHowTo

Wiki Guest wikiguest at horde.org
Tue Jun 27 07:03:36 PDT 2006


guest [130.219.235.253]  Tue, 27 Jun 2006 07:03:36 -0700

Modified page: http://wiki.horde.org/HordeSSLAuthHowTo
New Revision:  1.1
Change log:  corrected a typo

@@ -9,9 +9,9 @@
 Authenticating to Horde should be surprisingly simple, and you should be able to use the Basic Authentication driver, since Apache's X509 authentication functions in much the same manner and relies on the web server prompting one's browser to authenticate.
 
 **##red|//But Wait!//##**
 
-Authenticating using X509 user certificates has more in common with using the [http://wiki.horde.org/ShibbolethAuthHowTo Shibboleth Authentication Driver].  For example, unlike //real// Basic Authentication, one's password is never passed across the network, and is not available in an environment variable.  Unless you plan on using X509 authentication for your mail service (//most unlikely//), you should pay close attention to faking a SSO (//Single Sign On//) arrangement.  Specifially, you should examine the instructions and samples there for
+Authenticating using X509 user certificates has more in common with using the [http://wiki.horde.org/ShibbolethAuthHowTo Shibboleth Authentication Driver].  For example, unlike //real// Basic Authentication, one's password is never passed across the network, and is not available in an environment variable.  Unless you plan on using X509 authentication for your mail service (//most unlikely//), you should pay close attention to faking a SSO (//Single Sign On//) arrangement.  Specifically, you should examine the instructions and samples there for
 * selecting an HTTP header to convey the username (//hint: you might parse SSL_CLIENT_S_DN_Email//)
 * adding credentials (//e.g., mailhost, username, password//) to a prefs backend so you can use hordeauth
 
 Perhaps, by the time you read this, someone will have written an X509 Auth driver for Horde.  Regardless, you will still want to read about...
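Review bot: The unchanged bullet "selecting an HTTP header to convey the username" should say where that header's value comes from and who is allowed to set it. If Horde trusts a request header for the username, the page should state that the web server sets it from the verified certificate (the hint names SSL_CLIENT_S_DN_Email) and discards any copy of that header sent by the client; otherwise a reader can build a setup where the username is client-supplied. The spelling fix to "Specifically" itself is fine.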
@@ -35,10 +35,10 @@
         SSLOptions  +StdEnvVars +ExportCertData +FakeBasicAuth +OptRenegotiate +CompatEnvVars
         SSLVerifyClient   require
         SSLVerifyDepth    5
         SSLRequireSSL
-        SSLRequire %{SSL_CLIENT_I_DN_CN} eq "the CN of the Issuer DN of client's certificate in quotes" \ 
-         and %{SSL_CLIENT_S_DN_O} eq "the O of the Subject DN in client's certificate in quotes" \ 
+        SSLRequire %{SSL_CLIENT_I_DN_CN} eq "the CN of the Issuer DN of client's certificate in quotes"  
+         and %{SSL_CLIENT_S_DN_O} eq "the O of the Subject DN in client's certificate in quotes"  
          and %{SSL_CLIENT_S_DN_CN} in {"the CN of one or more", "comma delimited Subject DNs in quotes"}
 </Directory>
 </code>
 ++++ An authentication setup for many users with certs from a given CA
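Review bot: Dropping the trailing backslashes from the two SSLRequire lines leaves the expression split across three physical lines with no continuation, so the lines starting with "and %{SSL_CLIENT_S_DN_O}" and "and %{SSL_CLIENT_S_DN_CN}" are no longer part of the SSLRequire directive. Apache only treats a backslash as a line continuation when it is the very last character on the line, so the problem in the old text was the space after each backslash, not the backslash. Suggest keeping the backslash and removing the trailing space, or putting the whole expression on one line. The new lines also still end in trailing whitespace, and the change log entry "corrected a typo" does not mention that a configuration sample was altered.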
@@ -47,10 +47,10 @@
         SSLOptions  +StdEnvVars +ExportCertData +OptRenegotiate +FakeBasicAuth
         SSLVerifyClient   require
         SSLVerifyDepth    5
         SSLRequireSSL 
-        SSLRequire %{SSL_CLIENT_I_DN_CN} eq "the CN of Issuer DN of client's certificate in quotes" \ 
-         and %{SSL_CLIENT_S_DN_O} eq "the O of Subject DN in client's certificate in quotes" \ 
+        SSLRequire %{SSL_CLIENT_I_DN_CN} eq "the CN of Issuer DN of client's certificate in quotes"  
+         and %{SSL_CLIENT_S_DN_O} eq "the O of Subject DN in client's certificate in quotes"  
          and %{SSL_CLIENT_S_DN_OU} eq ""the OU of Subject DN in client's certificate in quotes"
 </Directory>
 </code>
 ----
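Review bot: The unchanged last line of this SSLRequire expression opens its string with a doubled quote (eq ""the OU of Subject DN ...), which leaves the quoting unbalanced, and this revision edits the two lines directly above without correcting it. Suggest a single opening quote there. The two changed lines also lose their continuation backslashes here, so the "and" clauses no longer attach to SSLRequire; since this sample is the one meant to admit many users from a given CA, the O and OU restrictions are exactly the part a reader needs to copy correctly. Keep the backslash as the final character of each line with no space after it, or join the expression onto one line.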

