#758 Support for CA managed access

open
nobody
Murmur (113)
5
2012-10-30
2010-06-24
devconsole
No

Hi,
I really would like to see support for real CA managed access for Mumble.
In detail it would be great if I'd be able to control the following to accomplish this:
- Create my own CA and/or configure it as authoritative for the server
- Accept only users with valid certificates signed by this CA (e.g. no self-signed certificates, no expired certificates, no certificates which provide their own CA [PKCS#12 tree], etc.)
- Block users with certificates on a configurable CRL

Discussion

  • Philip Cass
    2010-07-30

    The issue with this is that you're forcing users to use your certificate only. For some users this isn't a problem, but as soon as you have two servers doing this, anyone who wants to be registered on both has a big problem.

    Less negatively, this can already be done by providing your own authenticator via ICE. As the user's certificate is one of the things passed to the authenticator (as well as username and password), you can do any specific validity checks you want on the cert chain.
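
An added example, not part of the ticket or of Mumble's code: the kind of chain check an authenticator could run on the DER certificate list it receives, covering the three requests in the ticket (configured CA only, no expired certificates, CRL blocking). It assumes the third-party `cryptography` package, an RSA or ECDSA CA key, and that the client's own certificate is the first list entry; `check_client_chain` and its helpers are hypothetical names.

```python
from datetime import datetime, timezone
from cryptography import x509
from cryptography.exceptions import InvalidSignature
from cryptography.hazmat.primitives.asymmetric import ec, padding, rsa

def _utc(cert, attr):
    # cryptography >= 42 exposes *_utc properties; older releases return naive UTC.
    value = getattr(cert, attr + "_utc", None)
    return value or getattr(cert, attr).replace(tzinfo=timezone.utc)

def _signed_by_ca(cert, ca_key):
    # Verify the certificate signature with the CA public key (assumed RSA or ECDSA).
    try:
        if isinstance(ca_key, rsa.RSAPublicKey):
            ca_key.verify(cert.signature, cert.tbs_certificate_bytes,
                          padding.PKCS1v15(), cert.signature_hash_algorithm)
        else:
            ca_key.verify(cert.signature, cert.tbs_certificate_bytes,
                          ec.ECDSA(cert.signature_hash_algorithm))
        return True
    except InvalidSignature:
        return False

def check_client_chain(der_chain, ca_cert, crl, now=None):
    """Return (accepted, reason) for one client's list of DER certificates."""
    now = now or datetime.now(timezone.utc)
    if not der_chain:
        return False, "no certificate"
    try:
        leaf = x509.load_der_x509_certificate(der_chain[0])  # assumed: leaf first
    except ValueError:
        return False, "unparseable certificate"
    ca_key = ca_cert.public_key()
    # Only the configured CA is trusted; CA certs the client bundles are ignored.
    if leaf.issuer != ca_cert.subject or not _signed_by_ca(leaf, ca_key):
        return False, "not signed by our CA"
    if not _utc(leaf, "not_valid_before") <= now <= _utc(leaf, "not_valid_after"):
        return False, "expired or not yet valid"
    if not crl.is_signature_valid(ca_key):
        return False, "CRL not signed by our CA"
    if crl.get_revoked_certificate_by_serial_number(leaf.serial_number) is not None:
        return False, "revoked"
    return True, "ok"
```

An authenticator would refuse the login whenever the first element of the result is False. The CRL's own freshness (`next_update`) is not checked here.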