http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=6296
Robin Sheat <ro...@catalyst.net.nz> changed: What |Removed |Added ---------------------------------------------------------------------------- Attachment #5971|0 |1 is obsolete| | --- Comment #13 from Robin Sheat <ro...@catalyst.net.nz> 2011-11-24 02:39:23 UTC --- Created attachment 6386 --> http://bugs.koha-community.org/bugzilla3/attachment.cgi?id=6386 Bug 6296: allow users to be authenticated by SSL client certs This adds a new syspref: AllowPKIAuth. It can have one of three states: * None * Common Name * emailAddress If a) this is set to something that's not "None", and b) the webserver is passing SSL client cert details on to Koha, then the relevant field in the user's certificate will be matched up against the field in the database and they will be automatically logged in. This is used as a secure form of single sign-on in some organisations. The "Common Name" field is matched up against the userid, while "emailAddress" is matched against the primary email. This is an example of what might go in the Apache configuration for the virtual host: SSLVerifyClient require SSLVerifyDepth 2 SSLCACertificateFile /etc/apache2/ssl/test/ca.crt SSLOptions +StdEnvVars The last line ensures that the required details are passed to Koha. Conflicts: installer/data/mysql/sysprefs.sql installer/data/mysql/updatedatabase.pl -- Configure bugmail: http://bugs.koha-community.org/bugzilla3/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are watching all bug changes. _______________________________________________ Koha-bugs mailing list Koha-bugs@lists.koha-community.org http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/