On Fri, Dec 15, 2000 at 11:42:23AM -0000, Mayers, Philip J wrote:
> How would I go about making LoginManager authenticate them on the basis of
> the certificate subject?
> Apache will validate the certificate for me (by passing a valid CA cert to
> it's configuration) and I'm running over PCGI, so by the time we get into
> Zope, we can "TRUST" the SSL_CLIENT_S_DN and SSL_CLIENT_I_DN values passed
> in. What's the next step?

ZServerSSL did this with Zope in "remote user" mode. 

Upon successful client cert verification, ZServerSSL maps the subject 
DN to a Zope username and sets REMOTE_USER accordingly. Zope's 
REMOTE_USER machinery took care of the rest.

This was on 2.1.x. I've not had time to test ZServerSSL with 2.2.x.

ZServerSSL is here:


Ng Pheng Siong <[EMAIL PROTECTED]> * http://www.post1.com/home/ngps

Zope maillist  -  [EMAIL PROTECTED]
**   No cross posts or HTML encoding!  **
(Related lists - 
 http://lists.zope.org/mailman/listinfo/zope-dev )

Reply via email to