Frank Gevaerts <frank@gevaerts.be> [2003:10:04:22:25:54+0200] scribed: > On Sat, Oct 04, 2003 at 02:56:14PM -0500, Michael D Schleif wrote: > > As I responded to Aaron's message, we are looking for some kind of > > passive authentication, like an SSL Certificate. > > > > We do not want to have to rely on humans remembering another > > username/password, especially since the web application already has that > > control. > > > > We do not want the complications intrinsic to an httpd.conf embedded > > ACL. > > > > I know that I appear to be hung up on SSL Certificates; but, that model > > appears to meet our needs -- if only I can find the requisite > > documentation. > > Have you tried google ? > http://www.google.com/search?q=apache+certificate+authentication > > Using that, I found http://www.modssl.org/docs/2.8/ssl_howto.html#ToC9 > which seems to be about what you want to do OK, this section is what I need -- thank you: <http://www.modssl.org/docs/2.8/ssl_howto.html#ToC6> Correct me if I am wrong; but, this is the process? [1] One (1) Certificate per client/browser authenticates *both* the server to the client, and the client to the server; and [2] Each client/browser can have *either* a unique client-specific Certificate, or each client/browser can have a Certificate _common_ to a group, for purposes of authentication in point [1]. [3] Will we need to become our own Certificate Authority, or would this work just as well with self-signed Certificates, and without any upline authority? Once I am clear on these points, I can go back to openssl, build some Certificates and test, test, test . . . What do you think? -- Best Regards, mds mds resource 877.596.8237 - Dare to fix things before they break . . . - Our capacity for understanding is inversely proportional to how much we think we know. The more I know, the more I know I don't know . . . --
Attachment:
pgpTCrU1e12WB.pgp
Description: PGP signature