Fernando wrote:
> I need to know if you can authenticate, using courier authlib and a LDAP,
> via x509 certs.

It is common to store x.509 certs in LDAP, and this would be an additional attribute to an LDAP record. You would then have an LDAP attribute which would hold the DN of the x.509 cert, which would be used to locate the cert in LDAP for retrieval / verification purposes.

In that setup, you can also create fields for courier uid and password and homedirectory and configure authldap to authenticate against those fields using the instructions in the authlib documentation.

If you want to authenticate users using the x.509 cert, then you will need some mechanism whereby the client uses a private key as part of the authentication process which is used to sign a unique session authentication token which can be verified on the server side against the x.509 cert in ldap.

There are ways to plug such features into authlib, but I think you're going to have a problem finding a client to do that in the first place. Do you have something in mind in terms of the client that might work this way? Haven't seen anything like this since x.400.

Regards,
-Enda.
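
The mechanism described in the reply above (the client signs a unique session token with its private key, the server verifies it against the x.509 cert held in LDAP), sketched with the openssl CLI. This is an added example, not part of the original message or of Courier authlib; the function names are hypothetical and a local cert file stands in for the LDAP lookup.

```shell
#!/bin/sh
# Added example: challenge-response login verified against a user's X.509 cert.
# Assumption: the cert file stands in for the certificate fetched from the
# user's LDAP record; no LDAP server is contacted here.

# Server side: issue a fresh, unpredictable per-session challenge.
new_challenge() {            # $1 = challenge output file
    openssl rand -hex 32 > "$1"
}

# Client side: sign the challenge; the private key never leaves the client.
client_sign() {              # $1 = private key, $2 = challenge, $3 = signature out
    openssl dgst -sha256 -sign "$1" -out "$3" "$2"
}

# Server side: take the public key from the stored cert and check the signature.
server_verify() {            # $1 = cert, $2 = challenge, $3 = signature
    pub=$(mktemp) || return 2
    openssl x509 -in "$1" -noout -pubkey > "$pub" 2>/dev/null &&
        openssl dgst -sha256 -verify "$pub" -signature "$3" "$2" >/dev/null 2>&1
    rc=$?
    rm -f "$pub"
    return $rc
}

# Constructed test identity: throwaway RSA key plus self-signed cert.
make_identity() {            # $1 = key out, $2 = cert out, $3 = common name
    openssl req -x509 -newkey rsa:2048 -nodes -keyout "$1" -out "$2" \
        -days 1 -subj "/CN=$3" >/dev/null 2>&1
}

# End-to-end run: returns 0 when the signed challenge is accepted.
demo() {
    d=$(mktemp -d) || return 2
    make_identity "$d/key.pem" "$d/cert.pem" "testuser" &&
        new_challenge "$d/chal" &&
        client_sign "$d/key.pem" "$d/chal" "$d/sig" &&
        server_verify "$d/cert.pem" "$d/chal" "$d/sig"
    rc=$?
    rm -rf "$d"
    return $rc
}

demo && echo "signed challenge accepted"
```

A deployment would also validate the cert itself (chain, validity period, revocation) and discard each challenge after one use so a captured signature cannot be replayed.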
