[horde] An Easy Way For Client Cert Auth?

Jan Schneider jan at horde.org
Thu Mar 28 09:54:19 UTC 2013


Zitat von Christian Felsing <pug at felsing.net>:

> unfortunately ingo does not seem to read correct horde auth data, so a
> hook must be implemented:
>
> ./ingo/config/hooks.php has following content:
>
> ---cut here---
> <?php
>
> class Ingo_Hooks
> {
>     public function transport_auth($driver)
>     {
>         return array(
>                 'euser' => $_SERVER["HTTP_SSL_CLIENT_S_DN_EMAIL"],
>                 'password' => sha1(rand()),
>                 'username' => $_SERVER["HTTP_SSL_CLIENT_S_DN_EMAIL"]
>             );
>     }
>
> }
> ---cut here---
>
> password is a random value, because my certificate authentication based
> solution does not need passwords (which are always forgotten by users)
> and does not care about passwords.
>
> The feature "Automatic authentication as a certain user" is a very nice
> feature, if that "certain user" is controlled by a client certificate.
>
> config.php?app=horde does overwrites
> $conf['auth']['params']['username'] =
> $_SERVER["HTTP_SSL_CLIENT_S_DN_EMAIL"];
> in conf.php with content of that variable. I don't know if this a bug in
> Horde or if it an intended behaviour.

Intended, because you are supposed to enter a string value, not a PHP  
expression there. If you copy that line below the marker in the  
generated conf.php file, it won't be overwritten.
-- 
Jan Schneider
The Horde Project
http://www.horde.org/



More information about the horde mailing list