#24 Identify users using client certificates

closed-accepted
None
5
2005-10-22
2003-05-13
No

This patch allows identifying Moin users using SSL
client certificates. Specifically, it uses the common
name and the email address from the certificate's
subject's distinguished name. Cookies and Moin user ids
are still used, and finding users works like this:

1. If there is a cookie, use that

2. If there is no cookie, iterate over all users, and
try to find one with the same email address or where
the X.509 common name is the same as the Moin user name.

3. If no user is found, but either the email address or
the common name is set, create a new user.

This patch works only with Apache mod_ssl, as it relies
on the environment variables SSL_CLIENT_S_DN* being set.
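
The three lookup steps above, sketched as an added example (not the submitted patch and not MoinMoin's auth.py). The names find_user and User, the in-memory user list, the SSL_CLIENT_VERIFY gate and the choice of name for a newly created user are assumptions; the page only says SSL_CLIENT_S_DN* is read.

```python
from dataclasses import dataclass


@dataclass
class User:  # hypothetical stand-in for a Moin user record
    name: str
    email: str = ""


def find_user(environ, users, cookie_user=None):
    """Return (user, created) for a request with mod_ssl variables in environ."""
    # Step 1: a user identified by cookie is used as-is.
    if cookie_user is not None:
        return cookie_user, False

    # Assumption added here: trust the subject DN only when mod_ssl reports
    # that the client certificate chain verified. With optional or no-CA
    # verification the DN variables can be set for an unverified certificate.
    if environ.get("SSL_CLIENT_VERIFY") != "SUCCESS":
        return None, False

    cn = environ.get("SSL_CLIENT_S_DN_CN", "").strip()
    email = environ.get("SSL_CLIENT_S_DN_Email", "").strip()
    if not cn and not email:
        return None, False

    # Step 2: same email address, or X.509 common name equal to the user name.
    # Empty fields never match, so an account without an email address is not
    # picked up by a certificate that lacks one.
    for user in users:
        if (email and user.email == email) or (cn and user.name == cn):
            return user, False

    # Step 3: nothing matched but CN or email is set, so create a user.
    # Assumption: the new name is the CN, falling back to the email address.
    new_user = User(name=cn or email, email=email)
    users.append(new_user)
    return new_user, True


# Constructed sample data, not taken from a real deployment.
SAMPLE_USERS = [User("AliceExample", "alice@example.org"), User("Bob")]
SAMPLE_ENV = {
    "SSL_CLIENT_VERIFY": "SUCCESS",
    "SSL_CLIENT_S_DN_CN": "Alice E.",
    "SSL_CLIENT_S_DN_Email": "alice@example.org",
}
```

Because step 2 matches on either field, which accounts a certificate can map to depends on what the issuing CA allows in the CN and email fields.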

Discussion

  • Martin v. Löwis

     
    Attachments
  • Thomas Waldmann

    Thomas Waldmann - 2004-09-25

    Logged In: YES
    user_id=100649

    Martin, I don't think any of the devels uses client
    certificates, so we could not test it.

    Would you test it if we include your patch into 1.2.x (and
    later, into 1.3)?

    I would make the necessary changes to adapt it to the
    current version (like using request object).

     
  • Thomas Waldmann

    Thomas Waldmann - 2004-09-25
    • assigned_to: nobody --> thomaswaldmann
     
  • Martin v. Löwis

    Logged In: YES
    user_id=21627

    I can certainly test it, yes.

     
  • Alexander Schremmer

    Logged In: YES
    user_id=254738

    So, will someone adapt the patch to 1.3?

     
  • Thomas Waldmann

    Thomas Waldmann - 2005-10-22

    Logged In: YES
    user_id=100649

    Implemented by MoinMoin/auth.py function sslclientcert.

    See
    http://moinmoin.wikiwikiweb.de/FeatureRequests/AuthByClientCert

    If you need this functionality, please help us test.
    Currently this is completely untested as we have no setup
    using ssl client certs.

    Autosave of accounts is not implemented yet (as for most
    auth.py methods).

     
  • Thomas Waldmann

    Thomas Waldmann - 2005-10-22
    • status: open --> closed-accepted
     
  • Thomas Waldmann

    Thomas Waldmann - 2005-11-27

    Logged In: YES
    user_id=100649

    user_autocreate was implemented in moin--main--1.5--patch-247.

     
  • Martin v. Löwis

    Logged In: YES
    user_id=21627

    Thanks, I will try this out and report back when I can find
    the time for it (on the production systems, I still use my
    patch).

     
