[Zope] LoginManager and SSL client authentication

Ng Pheng Siong ngps@post1.com
Sat, 16 Dec 2000 00:49:10 +0800


On Fri, Dec 15, 2000 at 11:42:23AM -0000, Mayers, Philip J wrote:
> How would I go about making LoginManager authenticate them on the basis of
> the certificate subject?
> 
> Apache will validate the certificate for me (by passing a valid CA cert to
> it's configuration) and I'm running over PCGI, so by the time we get into
> Zope, we can "TRUST" the SSL_CLIENT_S_DN and SSL_CLIENT_I_DN values passed
> in. What's the next step?

ZServerSSL did this with Zope in "remote user" mode. 

Upon successful client cert verification, ZServerSSL maps the subject 
DN to a Zope username and sets REMOTE_USER accordingly. Zope's 
REMOTE_USER machinery took care of the rest.

This was on 2.1.x. I've not had time to test ZServerSSL with 2.2.x.

ZServerSSL is here:

    http://www.post1.com/home/ngps/zope/zssl


Cheers.
-- 
Ng Pheng Siong <ngps@post1.com> * http://www.post1.com/home/ngps