6 messages in net.sourceforge.lists.courier-users: Re: [courier-users] Certificate login

From               Sent On
Fernando Iglesias  Nov 16, 2007 1:45 am
Enda               Nov 16, 2007 3:07 am
Fernando Iglesias  Nov 16, 2007 3:51 am
Sam Varshavchik    Nov 16, 2007 4:04 am
Enda               Nov 16, 2007 4:21 am
Fernando Iglesias  Nov 16, 2007 4:34 am
Subject: Re: [courier-users] Certificate login
From: Enda (en@codefoundry.com)
Date: Nov 16, 2007 3:07:42 am
List: net.sourceforge.lists.courier-users

Fernando wrote:

> I need to know if you can authenticate, using courier authlib and an LDAP, via x509 certs.

It is common to store x.509 certs in LDAP, and this would be an additional attribute to an LDAP record. You would then have an LDAP attribute which would hold the DN of the x.509 cert, which would be used to locate the cert in LDAP for retrieval / verification purposes.

In that setup, you can also create fields for courier uid and password and homedirectory and configure authldap to authenticate against those fields using the instructions in the authlib documentation.

If you want to authenticate users using the x.509 cert, then you will need some mechanism whereby the client uses a private key as part of the authentication process which is used to sign a unique session authentication token which can be verified on the server side against the x.509 cert in ldap. There are ways to plug such features into authlib, but I think you're going to have a problem finding a client to do that in the first place.

Do you have something in mind in terms of the client that might work this way? Haven't seen anything like this since x.400.

Regards,
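
The mechanism described in the message above (the client signs a unique session token with its private key, and the server checks the signature against the X.509 certificate held in the directory), as an added Go example that is not part of the original post or of Courier authlib. The `directory` map stands in for the LDAP lookup; the function names, the DN and the self-signed Ed25519 certificate are assumptions made for illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

var directory = map[string][]byte{} // stand-in for LDAP: user DN -> DER certificate (constructed)

// enroll issues a self-signed certificate for dn from the client's key and stores it.
func enroll(dn string, priv ed25519.PrivateKey) error {
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: dn},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour)}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, priv.Public(), priv)
	directory[dn] = der
	return err
}

// newToken returns the unique per-session token the server sends for signing.
func newToken() []byte {
	t := make([]byte, 32)
	rand.Read(t)
	return t
}

// verify is the server side: check sig over token against the certificate stored for dn.
func verify(dn string, token, sig []byte) error {
	cert, err := x509.ParseCertificate(directory[dn])
	if err != nil {
		return fmt.Errorf("no usable certificate for %s: %w", dn, err)
	}
	now := time.Now()
	pub, ok := cert.PublicKey.(ed25519.PublicKey)
	if !ok || now.Before(cert.NotBefore) || now.After(cert.NotAfter) || !ed25519.Verify(pub, token, sig) {
		return fmt.Errorf("certificate for %s expired or signature mismatch", dn)
	}
	return nil
}

func main() {
	_, priv, _ := ed25519.GenerateKey(rand.Reader)       // client key pair
	dn, token := "cn=user,dc=example,dc=org", newToken() // hypothetical DN
	enroll(dn, priv)
	fmt.Println("result:", verify(dn, token, ed25519.Sign(priv, token)))
}
```

Because the token is fresh for every session, a signature captured from one login does not verify against the next token.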