Here is what I am trying to do The client to geode already setup as 2 way authentication at SSL, so a secured transport already been built.
At application layer, instead of using username and password, can I reuse the ssl authentication to authenticate the user)? Or this is totally wrong? Thanks, Nan From: Jinmei Liao [mailto:[email protected]] Sent: Wednesday, January 17, 2018 12:38 PM To: [email protected] Subject: Re: geode authentication Are you talking about SSL on the tcp layer, or the application layer authentication? AuthIntitialize produces a Property object and SecurityManager authenticate with a Property object. Theoretically, it should take what every you put in the property object. On Wed, Jan 17, 2018 at 10:09 AM, Xu, Nan <[email protected]<mailto:[email protected]>> wrote: Yes, I do, but still unclear to me how a certificate can be used. I implement the AuthInitialize interface, but this only take username and password, how do I get a TLS context? Thanks, Nan From: Jens Deppe [mailto:[email protected]<mailto:[email protected]>] Sent: Wednesday, January 17, 2018 11:34 AM To: [email protected]<mailto:[email protected]> Subject: Re: geode authentication Hi Nan, Have you looked at this bit of documentation https://gemfire.docs.pivotal.io/geode/managing/security/implementing_authentication.html<https://urldefense.proofpoint.com/v2/url?u=https-3A__gemfire.docs.pivotal.io_geode_managing_security_implementing-5Fauthentication.html&d=DwMFaQ&c=SFszdw3oxIkTvaP4xmzq_apLU3uL-3SxdAPNkldf__Q&r=HB5LZowSGF4DiMmOUsCX6Q&m=ecgOvdXyuXgcTZrgn8COy1k2UBmTeubm3cwOb8MI2Hk&s=inuT9Horl2W6wH-CYu_G4zxcVl3ODZSBUPBTWcY3MmM&e=>? --Jens On Wed, Jan 17, 2018 at 9:29 AM, Xu, Nan <[email protected]<mailto:[email protected]>> wrote: Not sure how geode can authenticate a user using a certificate + private key , don't see an api/callback at server side to get the client principle, can someone point me out ? Thanks, Nan ---------------------------------------------------------------------- This message, and any attachments, is for the intended recipient(s) only, may contain information that is privileged, confidential and/or proprietary and subject to important terms and conditions available at http://www.bankofamerica.com/emaildisclaimer. If you are not the intended recipient, please delete this message. ________________________________ This message, and any attachments, is for the intended recipient(s) only, may contain information that is privileged, confidential and/or proprietary and subject to important terms and conditions available at http://www.bankofamerica.com/emaildisclaimer. If you are not the intended recipient, please delete this message. -- Cheers Jinmei ---------------------------------------------------------------------- This message, and any attachments, is for the intended recipient(s) only, may contain information that is privileged, confidential and/or proprietary and subject to important terms and conditions available at http://www.bankofamerica.com/emaildisclaimer. If you are not the intended recipient, please delete this message.
