http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=6296
Chris Cormack <[email protected]> changed: What |Removed |Added ---------------------------------------------------------------------------- Attachment #4452|0 |1 is obsolete| | --- Comment #3 from Chris Cormack <[email protected]> 2011-07-28 22:45:38 UTC --- Created attachment 4773 --> http://bugs.koha-community.org/bugzilla3/attachment.cgi?id=4773 Bug 6296: allow users to be authenticated by SSL client certs This adds a new syspref: AllowPKIAuth. It can have one of three states: * None * Common Name * emailAddress If a) this is set to something that's not "None", and b) the webserver is passing SSL client cert details on to Koha, then the relevant field in the user's certificate will be matched up against the field in the database and they will be automatically logged in. This is used as a secure form of single sign-on in some organisations. The "Common Name" field is matched up against the userid, while "emailAddress" is matched against the primary email. This is an example of what might go in the Apache configuration for the virtual host: SSLVerifyClient require SSLVerifyDepth 2 SSLCACertificateFile /etc/apache2/ssl/test/ca.crt SSLOptions +StdEnvVars The last line ensures that the required details are passed to Koha. Signed-off-by: Chris Cormack <[email protected]> -- Configure bugmail: http://bugs.koha-community.org/bugzilla3/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are the QA Contact for the bug. _______________________________________________ Koha-bugs mailing list [email protected] http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
