[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Tiger Server / Apache: client certs and SSL tunneling?

Subject: Re: Tiger Server / Apache: client certs and SSL tunneling?
From: Sergio Trejo <email@hidden>
Date: Fri, 29 Apr 2005 14:51:02 -1000
Delivered-to: email@hidden
Delivered-to: email@hidden
Domainkey-signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com; h=received:message-id:date:from:reply-to:to:subject:cc:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; b=lvx/DbrBUXqb4AYdow/RKVq/x3sDZo3J3DWPfkGR/IjiEVsK55wwbJaR9YgdXMYY5g84+26T2mtcpxWdwD32ytL2i8L0/ciTLjwxOOWjaN3YHr41HZVjFB/AagmVKDZvnt2xja9/+SVvje+TVIT1DYu85Dc0DGryxNf5pb94OdQ=

On 4/29/05, Dan Shoop <email@hidden> wrote:
> At 4:29 AM -1000 4/29/05, Sergio Trejo wrote:
> >I would like to host a Web site on a machine running Tiger Server and
> >am wondering if its possible for Apache (perhaps using
> >mod_auth_apple?) to verify *client* certificates as one of the access
> >control systems for the site?
> >
> 
> Could you discribe in more detail what you're looking for here, I'm
> not sure if I understand you correctly.

Hi Dan,

Yes, I would like to use client certificates for establishing the
identity of a user, for access control, such that the user is then
permitted to access either an entire web site on Tiger Server or
specific realms on a site (e.g., the site may be partly open and part
closed user group only). Akin to:

http://www.identityalliance.com/idally.html

> ID Ally provides everything you need to begin deploying and using Java Cards for
> security purposes. It provides the necessary software components to enable your smart
> card with a variety of applications and purposes such as:

> Mozilla Email, Web Authentication
> Web Authentication using Internet Explorer

The client (representing a member of the closed user group desiring
access to Tiger Server and thus the closed web site) could use a Mac
or a PC with a smart card reader that is in alignment with muscle card
 (the nice thing about muscle is that it fosters cross platform card
independent solutions and they encourage support of not just Linux but
OS X, too). So for instance, a client on a Windows PC or Mac Powerbook
could use an Athena card < http://www.athena-scs.com/downloads.asp >
to authenticate against an Xserve running Tiger Server.

Independent of the apache web server and mod_auth_apple, perhaps the
more appropriate first question is if Tiger Server can handle access
control via client certificates for authentication. Then the next
question would be if this form of access control (if it exists in
Tiger Server) can be glued to the Tiger Server's web server (namely
apache and I presume such access control glue is handled by the
proprietary apache module mod_auth_apple.so library).

Cheers,

Sergio
 _______________________________________________
Do not post admin requests to the list. They will be ignored.
Macos-x-server mailing list      (email@hidden)
Help/Unsubscribe/Update your Subscription:
http://lists.apple.com/mailman/options/macos-x-server/email@hidden

This email sent to email@hidden

Follow-Ups:
- Re: Tiger Server / Apache: client certs and SSL tunneling?
  - From: Nigel Kersten <email@hidden>

References:
	>Tiger Server / Apache: client certs and SSL tunneling? (From: Sergio Trejo <email@hidden>)

Prev by Date: 10.4 Server Doc online
Next by Date: Re: Anyone tried managing 10.3 server with 10.4 client?
Previous by thread: Tiger Server / Apache: client certs and SSL tunneling?
Next by thread: Re: Tiger Server / Apache: client certs and SSL tunneling?
Index(es):
- Date
- Thread

Home