Niklas Gustavsson wrote:
I'm currently looking into this request. If I understand your requirements correctly you would like to have the peer certificate chain available when the user logs in using the regular USER/PASS commands? I've refactored the UserManager interface to allow for a more general Authenication, writing one that includes the cert chain would be simple.
This is now implemented. During authentication the user manager now gets metadata about the user (current the remote IP address and the certificate chain if existing). A user manager can then use these to make a more informed decision on authentication.
Right now the default user managers ignore this data, if someone wants some control in there by default I'll be happy to look into it. I might also add a control for matching the certificate DN with a DN pattern configured for the user. Would this be of interest?
Gary, I hope this is enough for your needs. If not, feel free to bug me about it :-)
/niklas
