I am interested in constructing an environment where an identity token is 
stored on user-specific hardware (e.g. keyfob or smartcard) and the matching 
token is in an LDAP directory.  After looking through the Apache 2 
mod_auth_ldap documentation, it occurred to me that the base functionality for 
the check is there, so long as there is a way to pass along what cart or 
whatever is being used in the connection.  

And there is the rub.  As near as I can tell, the only SSL info available is 
on specifying a trusted CA for cert origination in the case of an ldaps-based 
identity query, NOT for client verification and authentication.

Do the mod_auth_ldap directives somehow allow me to do an X509 client 
cert/token match?
-- 
--------------------
Wayne S. Frazee
"Any sufficiently developed bug is indistinguishable from a feature."
