Re: LDAP validation using certificates


 



Hi,

Thank you for the reply.

Eric, I know that I can use mod_ssl to store certificates in one Apache, but I want to have the certificates in LDAP because I have two or three Apaches, or maybe more in the future, and I don't want to replicate these files on all Apaches.

Darren, the problem is that I generate the certificates myself and I can revoke these certificates, therefore I need to take each certificate from the client to see if it is valid or not. I don't need to trust in CA authorities.

Now I am trying to recompile some modules and configure Apache as shown in this bug:

https://issues.apache.org/bugzilla/show_bug.cgi?id=48780

But there aren't examples of how to configure Apache. I'll tell you how to make this work if I am successful.

Kind Regards

Martin



2011/8/5 Darren Spruell <phatbuckett@xxxxxxxxx>
On Fri, Aug 5, 2011 at 1:56 AM, Martin Sanchez <marsanvi@xxxxxxxxx> wrote:
> Hello,
> I've read about this topic in the mailing list but I didn't find the solution.
> I want to validate LDAP users against Apache using the certificates that the
> user stores in LDAP.
> I mean, I create and store the X509 certificates in LDAP. Afterwards I send
> the certificate to my clients and they install those certificates in their
> browsers.
> Now I want to validate the users using the certificate instead of the user-name
> and the password.

One point on certificate auth - you don't need to have access to
client certificates to validate identities (meaning, you don't need to
consult LDAP or another store containing user certificate data) - you
just need to configure your server to trust the Certificate Authority
(CA) that issued those certificates. This is the fundamental basis of
PKI and X.509 certificate authentication. It's the same way that your
browser trusts an SSL web server (trusted CA store).

The SSL howto has some resources on this ("Client Authentication and
Access Control"):

http://httpd.apache.org/docs/2.2/ssl/ssl_howto.html

mod_ssl has served me well for this in the past:

http://httpd.apache.org/docs/2.2/mod/mod_ssl.html

--
Darren Spruell
phatbuckett@xxxxxxxxx

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
   "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
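
Added example, not part of the original thread and not taken from the Apache documentation: a mod_ssl (httpd 2.2) configuration for the CA-trust approach described in the quoted reply, with a CRL file to cover the revocation requirement raised in the answer to it. The hostname, the `/secure` location and all file paths are assumptions.

```apache
# Assumed hostname and paths; adjust to the local layout.
<VirtualHost *:443>
    ServerName www.example.com

    SSLEngine on
    SSLCertificateFile    /etc/httpd/ssl/server.crt
    SSLCertificateKeyFile /etc/httpd/ssl/server.key

    # Trust only the private CA that signs the user certificates.
    # A client certificate is accepted if it chains to this CA, so the
    # server needs no copy of the individual user certificates.
    SSLCACertificateFile  /etc/httpd/ssl/private-ca.crt

    # CRL issued by the same CA. A client certificate whose serial number
    # is listed here fails verification even though its signature is valid.
    # mod_ssl reads the CRL at startup, so reload httpd after publishing
    # a new CRL. On httpd 2.4, CRL checking must also be enabled with
    # SSLCARevocationCheck.
    SSLCARevocationFile   /etc/httpd/ssl/private-ca.crl

    <Location /secure>
        # Refuse the request unless the client presents a valid certificate.
        SSLVerifyClient require
        # Depth 1: the client certificate must be signed directly by the CA above.
        SSLVerifyDepth  1
        # Export SSL_CLIENT_* variables (subject DN, serial) to the application.
        SSLOptions      +StdEnvVars
    </Location>
</VirtualHost>
```

With this layout each Apache instance needs only the CA certificate and the current CRL, not the per-user certificates.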


