httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Rudolf Wolf <rudolf.w...@dantax.cz>
Subject Re: [users@httpd] LDAP authentication & Certificate authentication
Date Tue, 22 Oct 2002 09:43:39 GMT

Hi Jose,

 I want this to have the ability to login, if I don't have a certificate with me. For example:
1. I have my certificate and private ke in my notebook with windows, but I have another computer
at home and I don't want to give the private key and certificate to all computer, where I
could login. 2. I want to have a certificate authentication as a comfortable function for
my clients, who has certficate, but I want have a way for other users on my system, who has
login and password, but they don't have issued certificate.

Bye
Ruda

 
On Tue, Oct 22, 2002 at 11:35:04AM +0200, Jose Correia (J) wrote:
> Hi Ruda
> 
> I haven't used mod_auth_ldap, but rather mod_authz_ldap. With
> mod_authz_ldap I know that you can do both certificate and basic
> authentication  but you must always do both. i.e. there isn't a way to
> say if one fails than do the other...
> 
> Why would you want that anyway? If the certificate fails, than that
> either means it isn't valid (depending on the message) or it has
> expired. If it is the second one, then you can reissue a new one and
> send it to the client.
> 
> I have both certificate and basic authentication going over SSL
> (otherwise basic authentication would be pretty futile) but that is a
> client requirement.
> 
> Regards
> Jose
> 
> 
> -----Original Message-----
> From: Rudolf Wolf [mailto:rudolf.wolf@dantax.cz]
> Sent: 22 October 2002 11:09
> To: users@httpd.apache.org
> Subject: Re: [users@httpd] LDAP authentication & Certificate
> authentication
> 
> 
> 
> Hi,
> 
> I'm using OpenLDAP 2.0.23, Apache 2.0.39 with mod_auth_ldap from
> Apache website and OpenSSL 0.9.6g. 
> 
> Yes, I want have possibility to have a certificate authentication as a
> 'default' and in case of error to be asked for LDAP username and
> password. All should be over SSL. My certificate authentication is now
> working properly.
> 
> Bye
> Ruda.
> 
> On Tue, Oct 22, 2002 at 09:32:20AM +0200, Jose Correia (J) wrote:
> > Hi there
> > 
> > Which packages are you using for the ldap authentication and which
> > modules are you using to get ldap to talk to apache??
> > 
> > And are you wanting both certificate and basic authentication over
> > SSL? Or can't you get certificate authentication to work?
> > 
> > Regards
> > Jose
> > 
> > -----Original Message-----
> > From: Rudolf Wolf [mailto:rudolf.wolf@dantax.cz]
> > Sent: 22 October 2002 09:23
> > To: users@httpd.apache.org
> > Subject: [users@httpd] LDAP authentication & Certificate
> > authentication
> > 
> > 
> > 
> > Hello,
> > 
> > I try to solve this problem. We are using LDAP authentication to
> > access document in our secured website. But now we want use a
> > certificate authentication. I set it up and there was no bigger
> > problem, but now I want to set possibility after unsuccessfult
> > certification authentication ie. I'm not on my computer with
> > certificate+private key but need continue  via LDAP authentication.
> > 
> > Is it possible to do this and how?
> > 
> > Thanks,
> > Ruda Wolf.
> > 
> >
> ---------------------------------------------------------------------
> > The official User-To-User support forum of the Apache HTTP Server
> > Project.
> > See <URL:http://httpd.apache.org/userslist.html> for more info.
> > To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> >    "   from the digest: users-digest-unsubscribe@httpd.apache.org
> > For additional commands, e-mail: users-help@httpd.apache.org
> > 
> > 
> >
> ---------------------------------------------------------------------
> > The official User-To-User support forum of the Apache HTTP Server
> Project.
> > See <URL:http://httpd.apache.org/userslist.html> for more info.
> > To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> >    "   from the digest: users-digest-unsubscribe@httpd.apache.org
> > For additional commands, e-mail: users-help@httpd.apache.org
> > 
> 
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server
> Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>    "   from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
> 
> 
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>    "   from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
> 

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message