Mike Koponick wrote:
This is a problem of the web server, not of OpenSSL, so it depends on the web server you are using.Hello Everyone,
Please forgive me, I am a newbie. I would like to authenticate my users to a website SQL database via a certificate.
Could I create a certificate that would allow a specific user (that the certificate was created for) to authenticate to a website that has the username/password information?
I don’t want the users to type in a username password after the have used the certificate.
This leads me to the following questions:
How is this done on the backend?
How is the information passed from the certificate to the SQL server for user authentication?
One approach used by IIS and Apache is storing the user's password and faking a user/password login to the application if a valid certificate for the user is received. So the application (CGI script or similar) does have not know the difference between user cert login and password login, it just uses the password from the environment variable.
This is a secure website that is an Intranet. We have a need for the SSL encryption, but not logging in manually.
If there is no need to log in manually why are you doing it? ;)
Since this is off-topic for this list I'd propose that you contact me directly if you need more hints. Or maybe even better use the appropriate mailing lists for the web server you are using... ;)Thanks in advance,
Mike
Hope it helps Ted ;)
-- PGP Public Key Information Download complete Key from http://www.convey.de/ted/tedkey_convey.asc Key fingerprint = 31B0 E029 BCF9 6605 DAC1 B2E1 0CC8 70F4 7AFB 8D26
smime.p7s
Description: S/MIME Cryptographic Signature
