[horde] An Easy Way For Client Cert Auth?
Jan Schneider
jan at horde.org
Thu Mar 28 09:54:19 UTC 2013
Zitat von Christian Felsing <pug at felsing.net>:
> unfortunately ingo does not seem to read correct horde auth data, so a
> hook must be implemented:
>
> ./ingo/config/hooks.php has following content:
>
> ---cut here---
> <?php
>
> class Ingo_Hooks
> {
> public function transport_auth($driver)
> {
> return array(
> 'euser' => $_SERVER["HTTP_SSL_CLIENT_S_DN_EMAIL"],
> 'password' => sha1(rand()),
> 'username' => $_SERVER["HTTP_SSL_CLIENT_S_DN_EMAIL"]
> );
> }
>
> }
> ---cut here---
>
> password is a random value, because my certificate authentication based
> solution does not need passwords (which are always forgotten by users)
> and does not care about passwords.
>
> The feature "Automatic authentication as a certain user" is a very nice
> feature, if that "certain user" is controlled by a client certificate.
>
> config.php?app=horde does overwrites
> $conf['auth']['params']['username'] =
> $_SERVER["HTTP_SSL_CLIENT_S_DN_EMAIL"];
> in conf.php with content of that variable. I don't know if this a bug in
> Horde or if it an intended behaviour.
Intended, because you are supposed to enter a string value, not a PHP
expression there. If you copy that line below the marker in the
generated conf.php file, it won't be overwritten.
--
Jan Schneider
The Horde Project
http://www.horde.org/
More information about the horde
mailing list