Ok, I'll try to introduce my idea. I have an x509 cert; the CN field is a user
name that exists in the LDAP server. I can extract this CN from the cert using
Apache SSL, then a PHP program takes this username and tries to log in to
courier imap using courier authlib and an LDAP server, but a password is
needed.

So my idea was, "can I use this cert to authenticate the user directly?". If I
store x509 certs in LDAP, can I configure authlib to authenticate against
the pair (user name, x509 cert)?

Regards,

On Nov 16, 2007 12:08 PM, Enda < [EMAIL PROTECTED]> wrote:

> Fernando wrote:
> > I need to know if you can authenticate, using courier authlib and a LDAP,
> > via x509 certs.
>
> It is common to store x.509 certs in LDAP, and this would be an additional
> attribute to an LDAP record. You would then have an LDAP attribute which
> would hold the DN of the x.509 cert, which would be used to locate the cert
> in LDAP for retrieval / verification purposes.
>
> In that setup, you can also create fields for courier uid and password and
> homedirectory and configure authldap to authenticate against those fields
> using the instructions in the authlib documentation.
>
> If you want to authenticate users using the x.509 cert, then you will need
> some mechanism whereby the client uses a private key as part of the
> authentication process which is used to sign a unique session authentication
> token which can be verified on the server side against the x.509 cert in
> ldap. There are ways to plug such features into authlib, but I think you're
> going to have a problem finding a client to do that in the first place.
>
> Do you have something in mind in terms of the client that might work this
> way? Haven't seen anything like this since x.400.
>
> Regards,
>
>  -Enda.
>
>
> _______________________________________________
> courier-users mailing list
> [email protected]
> Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
>



-- 
I should have known better
Than to let you go alone
It's times like these
I can't make it on my own
Wasted days, and sleepless nights
An' I can't wait to see you again
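
The scheme described in the quoted reply (the client signs a unique session token with its private key, and the server verifies it against the stored X.509 cert), sketched with the openssl CLI as an added example; it is not from either poster and is not Courier authlib code. The user name `alice`, the file names and the local file standing in for the LDAP lookup are assumptions.

```shell
#!/bin/sh
# Added illustration: challenge-response login against a stored X.509 cert.
# Assumption: the cert file passed to verify_login is the one the server
# fetched from its own directory entry for the user (here a local file).

# Enrollment (demo only): key pair plus self-signed cert with CN=<user>.
# $1 = user name, $2 = working directory
make_identity() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$1" \
    -keyout "$2/$1.key" -out "$2/$1.crt" 2>/dev/null
}

# Server: a fresh random token per session, so an old signature is useless.
new_challenge() { openssl rand -hex 32; }

# Client: sign the token with the private key.
# $1 = private key, $2 = challenge, $3 = signature output file
sign_challenge() {
  printf '%s' "$2" | openssl dgst -sha256 -sign "$1" -out "$3"
}

# Server: accept only if the cert's CN equals the claimed user AND the
# signature over this session's challenge verifies with the cert's key.
# $1 = claimed user, $2 = stored cert, $3 = challenge, $4 = signature file
verify_login() {
  vl_cn=$(openssl x509 -in "$2" -noout -subject -nameopt multiline |
          sed -n 's/^ *commonName *= *//p')
  [ "$vl_cn" = "$1" ] || return 1
  vl_pub=$(mktemp)
  openssl x509 -in "$2" -noout -pubkey > "$vl_pub" || { rm -f "$vl_pub"; return 1; }
  printf '%s' "$3" |
    openssl dgst -sha256 -verify "$vl_pub" -signature "$4" >/dev/null 2>&1
  vl_rc=$?
  rm -f "$vl_pub"
  return $vl_rc
}
```

The sketch trusts the stored cert as-is; a deployment would also check its validity period, issuer chain and revocation status before accepting the signature.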