On Tue, Feb 1, 2011 at 12:02 PM, Marsh Ray <ma...@extendedsubset.com> wrote:
can meet the requirement of "implement it
only for some accounts" (with the implicit requirement that it doesn't
bother or affect people who are not using it). Can a client certificate
solution be made to work?
Those accounts would probably have to access a particular URL and be banned
from the main one. May or may not be an issue.
Actually, for those accounts, you might redirect to a hostname which is set up
to require certificate authentication, then insert their sessions and
credentials into Bugzilla's cache. The authentication step is the only thing
that needs to change.
-Kyle H
--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
