[horde] An Easy Way For Client Cert Auth?
Christian Felsing
pug at felsing.net
Thu Mar 28 09:46:37 UTC 2013
unfortunately ingo does not seem to read correct horde auth data, so a
hook must be implemented:
./ingo/config/hooks.php has following content:
---cut here---
<?php
class Ingo_Hooks
{
public function transport_auth($driver)
{
return array(
'euser' => $_SERVER["HTTP_SSL_CLIENT_S_DN_EMAIL"],
'password' => sha1(rand()),
'username' => $_SERVER["HTTP_SSL_CLIENT_S_DN_EMAIL"]
);
}
}
---cut here---
password is a random value, because my certificate authentication based
solution does not need passwords (which are always forgotten by users)
and does not care about passwords.
The feature "Automatic authentication as a certain user" is a very nice
feature, if that "certain user" is controlled by a client certificate.
config.php?app=horde does overwrites
$conf['auth']['params']['username'] =
$_SERVER["HTTP_SSL_CLIENT_S_DN_EMAIL"];
in conf.php with content of that variable. I don't know if this a bug in
Horde or if it an intended behaviour.
best regards
Christian
More information about the horde
mailing list