Cheers Webguy,

I'm not using LDAP at the moment but will probably seriously consider it in the future. Basically, ever since I moved over from a Windows environment to linux, I've been trying to find a workaround for the cgi.remote_user variable presence. My apps originally detected the remote_user variable (user identification) then applied various application policies based upon the rules stored in the MS SQL database for the application. This worked nicely as my apps were all only accessible via VPN and thus user authentication and identification was taken care of by our win2k VPN server.

I've since changed our infrastructure over to linux and thus the cgi.remote_user variable is no longer available unless I re-introduce a manual login (authenticating against .htaccess), which is not what we want. We want to keep everything as transparent as possible.

My solution is to implement pki across our vpn, which would then furnish me with cgi.cert_serial etc. variables, which I can use as user identification values for my application policy rules tables. This also furnishes me with an additional security layer for my apps.

I was aware of the CFLDAP/SSL bug in linux, which was possibly one of my reasons for staving off the changeover to LDAP at this stage.

Anyway, thanks for the links. Especially the ospki book link. I've been glossing through it over the last hour or so and it has some very useful info contained in it.

Dave

> -----Original Message-----
> From: webguy [mailto:[EMAIL PROTECTED]
> Sent: 07 March 2003 13:18
> To: CF-Talk
> Subject: RE: PKI management tools using CFML
>
> Forgot to mention there is, (was?), a bug using SSL in CFLDAP on linux ..
>
> WG
>
> -----Original Message-----
> From: webguy [mailto:[EMAIL PROTECTED]
> Sent: 07 March 2003 13:07
> To: CF-Talk
> Subject: RE: PKI management tools using CFML
>
> Hi Dave, how are things?
>
> Do you have to use a DB? Often p/p keys are stored in an LDAP Repository.
> You're using linux right? IMHO OpenLDAP is the best Opensource LDAP server.
>
> http://ospkibook.sourceforge.net/ free pki book.
>
> Links:
>
> OpenCA http://www.openca.org
> Jonah http://www.foobar.com/jonah/
>
> Also there's an XML Key Management Specification (XKMS), have a look around, lots of java code for this..
>
> WG
>
> -----Original Message-----
> From: Dave Wilson [mailto:[EMAIL PROTECTED]
> Sent: 07 March 2003 12:38
> To: CF-Talk
> Subject: PKI management tools using CFML
>
> Hi all,
>
> I'm about to embark on a mini project, building some tools for web based management of Public/Private key pairs (issue requests and revocations) on a (as yet to be installed and configured) linux OpenCA Certificate server.
>
> I'm wondering if anybody has already done anything in this area in the past and would be keen to learn from their experiences. No point in re-inventing the wheel.
>
> TIA,
> Dave