[horde] An Easy Way For Client Cert Auth?

Christian Felsing pug at felsing.net
Wed Mar 27 16:49:04 UTC 2013


Hello,

seems there is a very easy way to set up client cert authentication for
Horde:

$conf['auth']['admins'] = array('test at ip6mail.de');
$conf['auth']['checkip'] = true;
$conf['auth']['checkbrowser'] = true;
$conf['auth']['resetpassword'] = true;
$conf['auth']['alternate_login'] = false;
$conf['auth']['redirect_on_logout'] = false;
$conf['auth']['list_users'] = 'list';
$conf['auth']['params']['username'] =
$_SERVER["HTTP_SSL_CLIENT_S_DN_EMAIL"];
$conf['auth']['params']['requestuser'] = false;
$conf['auth']['driver'] = 'auto';
$conf['auth']['params']['count_bad_logins'] = false;
$conf['auth']['params']['login_block'] = false;
$conf['auth']['params']['login_block_count'] = 5;
$conf['auth']['params']['login_block_time'] = 5;

In Case of client certificate Auth was successful, Apache environment
contains some variables from client cert, in that case
HTTP_SSL_CLIENT_S_DN_EMAIL.

Apache (2.4) cares about invalid accounts by OCSP/CRLs, users w/o valid
client cert get an error message.

best regards
Christian


More information about the horde mailing list