Gary,
[EMAIL PROTECTED] wrote:
I've gone ahead and added this as a separate Improvement item in JIRA.
FTPSERVER-54 (Expand authentication capability of UserManager interface)
The current authenticate method in the UserManager interface allows for
UserManager implementations to authenticate login requests with just
username and password. Given the support for FTPS and client certificate
checking, it would make sense to include additional information for
authentication purposes. By including the RequestHandler, we could get
access to the control socket (for information like the client IP
address) as well as get the client's certificate chain in case the
Socket is an instance of SSLSocket. Once the client certificate is
available, a UserManager implementation can perform 2 factor
authentication by matching the user login with parameters within the
client certificate.
I'm currently looking into this request. If I understand your
requirements correctly you would like to have the peer certificate chain
available when the user logs in using the regular USER/PASS commands?
I've refactored the UserManager interface to allow for a more general
Authentication, writing one that includes the cert chain would be simple.
I have also played around with another option which is to automatically
log in the user based on the certificate (without the need of the
USER/PASS commands). However, there are some issues with this approach
(like how the client would know that it has been logged in) so I don't
think I will commit it (unless someone convinces me otherwise).
/niklas
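
Added example, not part of the thread and not FtpServer code: a sketch of the second-factor check described in the quoted request, where the control socket's peer certificate is compared with the login name after USER/PASS has succeeded. The class and method names are hypothetical, and binding the login to the certificate's subject CN is an assumption; it uses only standard JSSE and JNDI calls.

```java
import java.net.Socket;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import javax.naming.InvalidNameException;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;
import javax.net.ssl.SSLPeerUnverifiedException;
import javax.net.ssl.SSLSocket;

/** Hypothetical helper; not part of the FtpServer UserManager interface. */
public final class CertBoundLogin {

    /** Returns the subject CN of the leaf certificate, or null if there is none. */
    static String subjectCommonName(X509Certificate leaf) {
        try {
            // getName() yields an RFC 2253 string, which LdapName can parse.
            LdapName dn = new LdapName(leaf.getSubjectX500Principal().getName());
            for (Rdn rdn : dn.getRdns()) {
                if ("CN".equalsIgnoreCase(rdn.getType())) {
                    return rdn.getValue().toString();
                }
            }
        } catch (InvalidNameException e) {
            // Unparseable subject: treat it as carrying no identity.
        }
        return null;
    }

    /**
     * Second factor only: the password check is assumed to have passed already.
     * Fails closed on plain sockets and on sessions without a verified client
     * certificate. Chain trust is whatever the server's TrustManager enforced
     * during the handshake; this method does not re-validate the chain.
     */
    static boolean certificateMatchesLogin(Socket control, String login) {
        if (!(control instanceof SSLSocket)) {
            return false;
        }
        try {
            Certificate[] chain = ((SSLSocket) control).getSession().getPeerCertificates();
            if (chain.length == 0 || !(chain[0] instanceof X509Certificate)) {
                return false;
            }
            // chain[0] is the peer's own certificate; issuers follow it.
            String cn = subjectCommonName((X509Certificate) chain[0]);
            return cn != null && cn.equals(login); // exact, case-sensitive match
        } catch (SSLPeerUnverifiedException e) {
            return false; // client sent no certificate, or it was not verified
        }
    }
}
```

The check is only meaningful when the server socket is configured to request client certificates against a restricted trust store; otherwise `getPeerCertificates()` throws and the method returns false.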