[horde] ActiveSync login & client-side certificates
Jens-U. Mozdzen
jmozdzen at nde.ag
Tue Jun 3 10:16:53 UTC 2014
Hi Mike,
sorry, I missed your response.
Zitat von Michael J Rubinsky <mrubinsk at horde.org>:
> Quoting "Jens-U. Mozdzen" <jmozdzen at nde.ag>:
>> [...]
>> Using client-side certificates with Apache httpd 2.2 does conflict
>> with this: At least from httpd to mod_php (maybe already starting
>> at the client) CSCs are treated as a special case of basic auth.
>
> This is only true if using FakeBasicAuth though, right? Why don't
> you disable that in your Apache config?
Pardon my ignorance - but as far as I know, I need to use
FakeBasicAuth to use the certificates' information to restrict access
to httpd resources based on the DN of the used certificates... Since I
may very well have missed other ways to achieve the same goal, I'd be
grateful for any pointers if I'm wrong.
Just to summarize for others stumbling over this response:
- I'd like to restrict access to
https://www.myserver.com/Microsoft-Server-ActiveSync based on the DN
of a mandantory client-side certificate, at the web server level
- I'd still like to use the standard username/password ("basic
authentification") for authentication at the Horde level
Currently, I see no way easy to do both because httpd to my knowledge
needs the "FakeBasicAuth" option in order to set up access
restrictions at the httpd level - and that will inhibit a separate
basic authentication of the EAS client. And yes, this is no problem
caused by Horde :)
Regards,
Jens
More information about the horde
mailing list