[horde] An Easy Way For Client Cert Auth?
Christian Felsing
pug at felsing.net
Wed Mar 27 16:49:04 UTC 2013
Hello,
seems there is a very easy way to set up client cert authentication for
Horde:
$conf['auth']['admins'] = array('test at ip6mail.de');
$conf['auth']['checkip'] = true;
$conf['auth']['checkbrowser'] = true;
$conf['auth']['resetpassword'] = true;
$conf['auth']['alternate_login'] = false;
$conf['auth']['redirect_on_logout'] = false;
$conf['auth']['list_users'] = 'list';
$conf['auth']['params']['username'] =
$_SERVER["HTTP_SSL_CLIENT_S_DN_EMAIL"];
$conf['auth']['params']['requestuser'] = false;
$conf['auth']['driver'] = 'auto';
$conf['auth']['params']['count_bad_logins'] = false;
$conf['auth']['params']['login_block'] = false;
$conf['auth']['params']['login_block_count'] = 5;
$conf['auth']['params']['login_block_time'] = 5;
In Case of client certificate Auth was successful, Apache environment
contains some variables from client cert, in that case
HTTP_SSL_CLIENT_S_DN_EMAIL.
Apache (2.4) cares about invalid accounts by OCSP/CRLs, users w/o valid
client cert get an error message.
best regards
Christian
More information about the horde
mailing list