directory-users mailing list archives

From Alex Karasulu <akaras...@gmail.com>
Subject Re: certificate based client authentication ?
Date Tue, 09 Feb 2010 14:39:13 GMT
On Tue, Feb 9, 2010 at 5:20 AM, Wallace Wadge <wwadge@gmail.com> wrote:

> Hi,
>
> I have a requirement to only allow trusted clients to connect and fetch
> data off the Apache DS (+ ability to revoke access). In other words I
> require certificate based client authentication.
>
> Is this supported by Apache DS at all? I trawled all the docs I could find
> but didn't find any suitable references.
>
>

This is not supported fully but can be easily implemented. The capability is
there but a whitelist is needed, or rather, to be exact, some kind of
authorization configuration is needed to determine which clients must
authenticate with their certificate, and a configuration parameter to toggle
normal authentication with passwords needs to be added.

If this is done then the underlying MINA SSL capabilities should be
sufficient with cert extraction from the DIT to validate the credentials of
the client and authorize the connection.

-- 
Alex Karasulu
My Blog :: http://www.jroller.com/akarasulu/
Apache Directory Server :: http://directory.apache.org
Apache MINA :: http://mina.apache.org
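
The decision described in the reply above, as an added example that is not part of the original message and is not ApacheDS or MINA code: a whitelist of clients that must use a certificate, a toggle for password authentication, and a comparison against the certificate stored in the client's directory entry. The class, method names, DNs and byte strings are hypothetical, and the in-memory map stands in for the DIT lookup.

```java
import java.security.MessageDigest;
import java.util.Map;
import java.util.Set;

/** Hypothetical policy check (Java 9+); names are illustrative, not ApacheDS API. */
public class CertAuthPolicy {
    enum Decision { ACCEPT_CERT, FALL_BACK_TO_PASSWORD, REJECT }

    private final Set<String> certRequiredDns;     // whitelist: clients that must use a certificate
    private final boolean passwordAuthEnabled;     // toggle for normal password authentication
    private final Map<String, byte[]> storedCerts; // stand-in for reading userCertificate (DER) from the DIT

    CertAuthPolicy(Set<String> certRequiredDns, boolean passwordAuthEnabled,
                   Map<String, byte[]> storedCerts) {
        this.certRequiredDns = certRequiredDns;
        this.passwordAuthEnabled = passwordAuthEnabled;
        this.storedCerts = storedCerts;
    }

    /**
     * clientDn: entry the connection is mapped to (assumption: mapping is done elsewhere).
     * presentedDer: DER bytes of the TLS peer certificate, or null if none was sent.
     */
    Decision decide(String clientDn, byte[] presentedDer) {
        if (presentedDer != null) {
            // A presented certificate must match the one stored in the entry exactly;
            // an entry with no stored certificate can never authenticate this way.
            byte[] stored = storedCerts.get(clientDn);
            boolean match = stored != null && MessageDigest.isEqual(stored, presentedDer);
            return match ? Decision.ACCEPT_CERT : Decision.REJECT;
        }
        // No certificate sent: whitelisted clients never fall back to a password.
        if (certRequiredDns.contains(clientDn) || !passwordAuthEnabled) {
            return Decision.REJECT;
        }
        return Decision.FALL_BACK_TO_PASSWORD;
    }

    public static void main(String[] args) {
        // Constructed sample data: short byte strings stand in for DER-encoded certificates.
        byte[] certA = {0x30, 0x03, 0x01, 0x01, 0x0A};
        byte[] certB = {0x30, 0x03, 0x01, 0x01, 0x0B};
        String svc = "uid=svc-sync,ou=system";     // hypothetical whitelisted client
        String bob = "uid=bob,ou=users,ou=system"; // hypothetical password user
        CertAuthPolicy policy = new CertAuthPolicy(Set.of(svc), true, Map.of(svc, certA));

        System.out.println("svc, stored cert:  " + policy.decide(svc, certA));
        System.out.println("svc, other cert:   " + policy.decide(svc, certB));
        System.out.println("svc, no cert:      " + policy.decide(svc, null));
        System.out.println("bob, no cert:      " + policy.decide(bob, null));
    }
}
```

In a server, the presented bytes would come from `SSLSession.getPeerCertificates()[0].getEncoded()` after the TLS layer has validated the chain.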
