I doubt whether the user certificate(any Role) is checked by RAServer during the execution of an operation?
We only compare the certificate which was received by the apache with the certificate in our database. The real handshake is done by the ssl module of the apache.
I have checked until now only in http. The results make me perplexed. Pls clarify whether https configuration is neccessary for RAServer to function for the expected results.
Yes, it is necessary that the user presents it's certificate to the apache. Therefore I start developing a complete new module for the authentication. The new module will verify the certificate by itself.
Some minutes ago I checked in a new version of this access control into the head of the CVS. The new version supports until now the channel verification, login and sessionhandling. The next step is a new ACL but until now we have no idea how to design a powerful but simple to manage ACL.
The login can be passphrase based (crypt, MD5 or SHA1) or certificate based. The cert based variant of the login works only with IE and Netscape 4.7x because we don't know how to sign form data with other browsers. Until now the new access control is only included in the CA interface. If the tests with new module are successful then we move it to the other interfaces.
Best regards
Michael -- ------------------------------------------------------------------- Michael Bell Email (private): [EMAIL PROTECTED] Rechenzentrum - Datacenter Email: [EMAIL PROTECTED] Humboldt-University of Berlin Tel.: +49 (0)30-2093 2482 Unter den Linden 6 Fax: +49 (0)30-2093 2704 10099 Berlin Germany http://www.openca.org
-------------------------------------------------------
This SF.net email is sponsored by: Etnus, makers of TotalView, The debugger for complex code. Debugging C/C++ programs can leave you feeling lost and disoriented. TotalView can help you find your way. Available on major UNIX and Linux platforms. Try it free. www.etnus.com
_______________________________________________
OpenCA-Devel mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/openca-devel
