Cheers Webguy,
I'm not using LDAP at the moment but will probably seriously consider it in
the future. Basically ever since I moved over from a Windows environment to
linux, I've been trying to find a workaround for the cgi.remote_user
variable presence. My apps originally detected the remote_user variable
(user identification) then applied various application policies based upon
the rules stored in the MS SQL database for the application. This worked
nicely as my apps were all only accessible via VPN and thus user
authentication and identification was taken care of by our win2k VPN server.
I've since changed our infrastructure over to linux and thus the
cgi.remote_user variable is no longer available unless I re-introduce a
manual login (authenticating against .htaccess) which is not what we want.
We want to keep everything as transparent as possible. My solution is to
implement pki across our vpn, which would then furnish me with
cgi.cert_serial etc variables, which I can use as user identification values
for my application policy rules tables. This also furnishes me with an
additional security layer for my apps.
I was aware of the CFLDAP/SSL bug in linux, which was possibly one of my
reasons for staving off the changeover to LDAP at this stage.
Anyway, thanks for the links. Especially the ospki book link. I've been
glossing through it over the last hour or so and it has some very useful
info contained in it.
Dave
-Original Message-
From: webguy [mailto:[EMAIL PROTECTED]
Sent: 07 March 2003 13:18
To: CF-Talk
Subject: RE: PKI management tools using CFML
Forgot to mention there is, (was?), a bug using SSL in CFLDAP on linux ..
WG
-Original Message-
From: webguy [mailto:[EMAIL PROTECTED]
Sent: 07 March 2003 13:07
To: CF-Talk
Subject: RE: PKI management tools using CFML
Hi Dave, how are things?
Do you have to use a DB? Often p/p keys are stored in an LDAP Repository.
You're using linux right? IMHO OpenLDAP is the best Opensource LDAP server.
http://ospkibook.sourceforge.net/ free pki book.
Links:
OpenCA http://www.openca.org
Jonah http://www.foobar.com/jonah/
Also there's an XML Key Management Specification (XKMS), have a look around,
lots of Java code for this..
WG
-Original Message-
From: Dave Wilson [mailto:[EMAIL PROTECTED]
Sent: 07 March 2003 12:38
To: CF-Talk
Subject: PKI management tools using CFML
Hi all,
I'm about to embark on a mini project, building some tools for web based
management of Public/Private key pairs (issue requests and revocations) on a
(as yet to be installed and configured) linux OpenCA Certificate server.
I'm wondering if anybody has already done anything in this area in the past
and would be keen to learn from their experiences. No point in re-inventing
the wheel.
TIA,
Dave
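
The thread's top message plans to use client-certificate variables as the user identifier for application policy lookups. The sketch below is an added example, not code from any poster, and is written in Python rather than CFML; it keys the lookup on issuer plus serial, because a serial number is unique only within one CA, and trusts the fields only when the TLS layer reports a verified chain. It assumes Apache mod_ssl's standard variables (`SSL_CLIENT_VERIFY`, `SSL_CLIENT_I_DN`, `SSL_CLIENT_M_SERIAL`) instead of the `cgi.cert_*` names mentioned above, and the policy and revocation tables are constructed sample data.

```python
import re

# Constructed sample data standing in for the application's policy rules
# table. Keys are (issuer DN, normalised hex serial); all values are made up.
POLICY = {
    ("CN=Example VPN CA,O=Example", "A1B"): {"user": "dwilson", "roles": ["admin"]},
    ("CN=Example VPN CA,O=Example", "A1C"): {"user": "jbloggs", "roles": ["reader"]},
}
# Constructed revocation set, e.g. loaded from the CA's CRL in a real setup.
REVOKED = {("CN=Example VPN CA,O=Example", "A1C")}


def normalise_serial(raw):
    """Return the serial as upper-case hex without separators or leading zeros."""
    s = re.sub(r"[:\s]", "", raw or "")
    if not re.fullmatch(r"[0-9A-Fa-f]+", s):
        return None  # empty or not hex: refuse rather than guess
    return format(int(s, 16), "X")


def identify(env):
    """Map a verified client certificate to a policy entry, or None."""
    # Certificate fields mean nothing unless the chain was actually verified.
    if env.get("SSL_CLIENT_VERIFY") != "SUCCESS":
        return None
    issuer = env.get("SSL_CLIENT_I_DN")
    serial = normalise_serial(env.get("SSL_CLIENT_M_SERIAL"))
    if not issuer or serial is None:
        return None
    key = (issuer, serial)  # serial alone could collide across different CAs
    if key in REVOKED:
        return None
    return POLICY.get(key)  # unknown certificates get no policy (deny by default)


if __name__ == "__main__":
    sample = {  # constructed request environment
        "SSL_CLIENT_VERIFY": "SUCCESS",
        "SSL_CLIENT_I_DN": "CN=Example VPN CA,O=Example",
        "SSL_CLIENT_M_SERIAL": "0a:1b",
    }
    print(identify(sample))
```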