[horde] ActiveSync login & client-side certificates
Michael J Rubinsky
mrubinsk at horde.org
Tue Jun 3 13:29:52 UTC 2014
Quoting "Jens-U. Mozdzen" <jmozdzen at nde.ag>:
> Hi Mike,
>
> sorry, I missed your response.
>
> Zitat von Michael J Rubinsky <mrubinsk at horde.org>:
>> Quoting "Jens-U. Mozdzen" <jmozdzen at nde.ag>:
>>> [...]
>>> Using client-side certificates with Apache httpd 2.2 does conflict
>>> with this: At least from httpd to mod_php (maybe already starting
>>> at the client) CSCs are treated as a special case of basic auth.
>>
>> This is only true if using FakeBasicAuth though, right? Why don't
>> you disable that in your Apache config?
>
> Pardon my ignorance - but as far as I know, I need to use
> FakeBasicAuth to use the certificates' information to restrict
> access to httpd resources based on the DN of the used
> certificates... Since I may very well have missed other ways to
> achieve the same goal, I'd be grateful for any pointers if I'm wrong.
Ah. Well, if that is the case, then you are right, the two cannot coexist.
In Horde 5.2, if you are willing to let go of the requirement that the
DN restriction be done at the webserver level (you can still enforce
the use of a valid certificate at the webserver level) you can
implement any specific user/DN restriction on the Horde level using
hooks.
--
mike
The Horde Project
http://www.horde.org
https://www.facebook.com/hordeproject
https://www.twitter.com/hordeproject
More information about the horde
mailing list