Sonu Kishore wrote:
> Thanks Robert for writing in.
>
> I already have client authentication active for my specified folder. Whenever a
> user wants to access that folder they have to present their certificate...
>
> my question was -
>
> If I have a web site which requires users to log on with user id / password and
> valid certificate..
There is no need for a password if you already require a valid issued certificate
to access the server. Indeed, you can use the ENV variables set by Apache to
check the ID of the user (better if you include it in the certificate's DN).
If the non-repudiation bit is set in the certificate, its usage is to be
considered non-repudiable.
[...]
> The first time user goes to my openca and requests for a certificate..
> certificate is issued to the user.
>
> The issued certificates are directly stored into my ldap..using ra interface.
>
> the ldap now has user id, password and the certificate
>
> my web site uses this ldap to authenticate the user and give access to the
> site.
This is another option, but it is not the only one; as I said before, the
password might not be required, as access to the secret key corresponding
to the issued certificate is itself a proof of ID (it depends on what your
policies are, obviously).
--
C'you,
Massimiliano Pala
--o-------------------------------------------------------------------------
Massimiliano Pala [OpenCA Project Manager] [EMAIL PROTECTED]
[EMAIL PROTECTED]
http://www.openca.org Tel.: +39 (0)59 270 094
http://openca.sourceforge.net Mobile: +39 (0)347 7222 365
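One way to apply the reply's suggestion of checking the user's ID from the variables Apache sets, as an added example that is not part of the original message or of OpenCA. It assumes mod_ssl with `SSLOptions +StdEnvVars` and the slash-separated DN string format; the issuer DN, the sample environment and the names `parse_dn` and `client_identity` are constructed for illustration.

```python
# Assumed value: issuer DN of the CA whose certificates this site accepts.
TRUSTED_ISSUER_DN = "/C=IT/O=Example Org/CN=Example CA"

# Constructed sample of what a CGI script would see in os.environ.
SAMPLE_ENV = {
    "SSL_CLIENT_VERIFY": "SUCCESS",
    "SSL_CLIENT_I_DN": TRUSTED_ISSUER_DN,
    "SSL_CLIENT_S_DN": "/C=IT/O=Example Org/OU=Users/CN=jdoe",
}


def parse_dn(dn):
    """Split "/C=IT/O=.../CN=..." into (attr, value) pairs; None if malformed."""
    pairs = []
    for part in dn.strip().split("/"):
        if not part:
            continue  # leading slash yields an empty first element
        if "=" not in part:
            return None  # stray text between components: do not guess
        attr, value = part.split("=", 1)
        pairs.append((attr.strip().upper(), value.strip()))
    return pairs


def client_identity(env, id_attr="CN"):
    """Return the user ID carried in the verified client certificate, or None."""
    # mod_ssl reports NONE, SUCCESS, GENEROUS or FAILED:reason; only SUCCESS
    # means the chain was verified against the configured CA certificates.
    if env.get("SSL_CLIENT_VERIFY") != "SUCCESS":
        return None
    # Accept only certificates issued by the expected CA.
    if env.get("SSL_CLIENT_I_DN") != TRUSTED_ISSUER_DN:
        return None
    pairs = parse_dn(env.get("SSL_CLIENT_S_DN", ""))
    if pairs is None:
        return None
    values = [v for a, v in pairs if a == id_attr]
    # The slash format is ambiguous if a value itself contains "/CN=...",
    # so a DN with zero or several ID attributes is rejected outright.
    if len(values) != 1 or not values[0]:
        return None
    return values[0]


if __name__ == "__main__":
    print(client_identity(SAMPLE_ENV))
```

The returned ID can then be looked up in the LDAP directory for authorization, with or without an additional password, depending on policy.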
