Hi Johannes,
I haven't tried it myself, but theoretically, when using a client certificate,
the Apache web server adds SSL_SERVER_I_DN_CN and SSL_SERVER_I_DN_Email to the
$_SERVER array.
This makes it very easy to add a check if a certificate is available in
index.php.
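    // mod_ssl (with SSLOptions +StdEnvVars) sets SSL_CLIENT_VERIFY to 'SUCCESS'
    // only when a client certificate was presented and verified.
    if (!isset($_SERVER['SSL_CLIENT_VERIFY']) || $_SERVER['SSL_CLIENT_VERIFY'] !== 'SUCCESS') {
        die('You must provide a valid client certificate!');
    }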
When anybody opens your owncloud without a certificate, he will receive a blank
page which says "You must provide a valid client certificate".
If the browser sends this certificate, the login should appear as usual.
Hope this helps as a workaround.
Regards
Mario
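
An added example, not part of Mario's message or of the ownCloud code: mod_ssl's
SSL_SERVER_* variables describe the server's own certificate and are set on any
HTTPS request, so a gate in index.php has to read the SSL_CLIENT_* variables.
It assumes Apache mod_ssl with "SSLOptions +StdEnvVars"; the helper name and the
sample values are hypothetical.

```php
<?php
// Added example, not from the thread. Assumes Apache mod_ssl with
// "SSLOptions +StdEnvVars" so the SSL_* variables reach PHP.

/**
 * Classify the client-certificate state from mod_ssl's variables.
 * Returns [bool $allowed, string $reason]. Hypothetical helper name.
 */
function client_cert_status(array $server): array
{
    // Without SSL_CLIENT_VERIFY nothing can be decided: either the request
    // was not HTTPS or StdEnvVars is off. Fail closed.
    if (!isset($server['SSL_CLIENT_VERIFY'])) {
        return [false, 'no mod_ssl client variables exported'];
    }
    $verify = $server['SSL_CLIENT_VERIFY'];
    if ($verify === 'SUCCESS') {
        $cn = $server['SSL_CLIENT_S_DN_CN'] ?? '(no CN)';
        return [true, "verified client certificate, subject CN: $cn"];
    }
    if ($verify === 'NONE') {
        return [false, 'no client certificate presented'];
    }
    // Remaining values: 'GENEROUS' (certificate not validated) and 'FAILED:<reason>'.
    return [false, "client certificate not trusted ($verify)"];
}

// Constructed sample environments (all values are made up).
$samples = [
    'HTTPS, no client cert' => [
        'SSL_SERVER_I_DN_CN' => 'Example Issuing CA', // present anyway
        'SSL_CLIENT_VERIFY'  => 'NONE',
    ],
    'HTTPS, verified client cert' => [
        'SSL_SERVER_I_DN_CN' => 'Example Issuing CA',
        'SSL_CLIENT_VERIFY'  => 'SUCCESS',
        'SSL_CLIENT_S_DN_CN' => 'alice-laptop',
    ],
    'HTTPS, unverifiable cert' => [
        'SSL_SERVER_I_DN_CN' => 'Example Issuing CA',
        'SSL_CLIENT_VERIFY'  => 'FAILED:certificate has expired',
    ],
    'StdEnvVars off' => [],
];

foreach ($samples as $label => $env) {
    [$ok, $why] = client_cert_status($env);
    printf("%-28s %s: %s\n", $label, $ok ? 'ALLOW' : 'DENY', $why);
}
```
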
-----Original Message-----
From: Dr. Johannes Zellner <[email protected]>
Sent: Wed 30 October 2013 22:49
To: [email protected]
Subject: Re: [Owncloud] oc with ssl client certificate
Hi,
thanks.
The interesting question from my (the client) perspective is: (how) did you
make it work on the server?
It's as simple as having the client certificate to grant (and be required) to
access the web server.
Afterwards I've to log into owncloud as usual.
So this is a two stage login process, which...
1. ...prevents anybody who doesn't have a valid client certificate to even see
the login page
2. ...still allows to log into owncloud under different accounts, e.g. an admin
and a user account (if you have the certificate)
This is perfectly what I like and what works inside a web browser.
In fact I wouldn't like the certificate to be linked to an owncloud account as
it wouldn't allow me to log in under different accounts any more.
I believe that this is a very common scenario that someone wishes to
double-protect a private owncloud server.
So it would be nice to have client authentication working with the owncloud
clients.
regards,
--
Johannes
2013/10/30 Daniel Molkentin <[email protected]>
Hi Johannes,
On 30.10.2013 at 17:03, Dr. Johannes Zellner wrote:
how do owncloud clients work when apache is configured with ssl client
certificate authentication?
Neither the desktop nor the mobile clients support certificate authentication
at this point, see below for details.
does the windows client work with a client certificate?
The Desktop Client (which has the same codebase for all OSes), has
https://github.com/owncloud/mirall/issues/69 filed for that. It's not yet
scheduled for any release, but if you look at the bug report, someone has
volunteered to look into it, although it's been a few weeks since I last heard
of him.
The interesting question from my (the client) perspective is: (how) did you
make it work on the server? IMHO client certificates are only interesting if
ownCloud automatically maps them to a user (as opposed to just being in front
of http basic auth as a second layer), and afaik there is no user backend for
the server that implements such functionality.
does mounting via davfs2 on linux work with a client certificate?
Haven't tested that yet myself. The man page indicates that it does.
Cheers,
Daniel
--
www.owncloud.com <http://www.owncloud.com> - Your Data, Your Cloud, Your Way!
ownCloud GmbH, GF: Markus Rex, Holger Dyroff
Schloßäckerstrasse 26a, 90443 Nürnberg, HRB 28050 (AG Nürnberg)
_______________________________________________
Owncloud mailing list
[email protected]
https://mail.kde.org/mailman/listinfo/owncloud