[Zope-dev] [ANNOUNCE] ZServerSSL 0.04

Ng Pheng Siong ngps@post1.com
Wed, 26 Apr 2000 00:28:12 +0800


Hello,

I am pleased to announce the release of ZServerSSL 0.04. 

ZServerSSL provides a HTTPS server for Zope. In normal operation, ZServerSSL 
protects user names, passwords and data in transit against eavesdropping.

This release of ZServerSSL presents a significant enhancement: X.509 
certificate-based authentication for Zope.

In this mode, Zope is run in "remote user" mode, and ZServerSSL's HTTPS server 
is configured to *require* user certificates. 

When a user connects, ZServerSSL handles certificate verification, maps the 
user certificate's "subject distinguished name" to a Zope username and sets 
REMOTE_USER accordingly. Zope's REMOTE_USER machinery takes care of the rest.

Given valid user certificates and mappings from certificates to Zope users, 
Zope no longer requires passwords for access. This improves site security 
by removing the need to store passwords on the Zope site.

This mode of operation can be adapted to other HTTPS servers like Apache+SSL, 
Roxen+SSL, etc. that perform certificate-based authentication.

ZServerSSL is bundled with the latest snapshot of M2Crypto, and is also
available as a separate package. It can be downloaded from here:

    http://www.post1.com/home/ngps/m2

Usual disclaimers apply. Feedback is very much appreciated.

Cheers.
-- 
Ng Pheng Siong <ngps@post1.com> * http://www.post1.com/home/ngps

(BTW, what's this about no cross-posting btw zope-dev and zope?)