I'll wait for the patch. On Friday, 20 July 2012 07:51:37 UTC-5, Michele Comitini wrote: > > > Michelle, I know you wrote the code, but I believe X509Account should be > > replaced with X509Auth, no? > > Ahem... I stand corrected, you are right I just copied a comment in > the code. The comment must be fixed. > > mic > > > 2012/7/20 tiadobatima <gbara...@gmail.com>: > > Thanks guys! > > > > I'm using nginx too, and I followed roughly the same steps but using > uwsgi. > > Michelle, I know you wrote the code, but I believe X509Account should be > > replaced with X509Auth, no? > > > > from gluon.contrib.login_methods.x509_auth import X509Auth > > > > auth.settings.actions_disabled=['register','change_password', > > 'request_reset_password','profile'] > > auth.settings.login_form = X509Autht() > > > > Cheers, > > g. > > > > On Thursday, 19 July 2012 13:27:30 UTC-7, Michele Comitini wrote: > >> > >> - Install M2Crypto. > >> - If you use rocket be sure to pass the --ca-cert option or if you use > >> another server configure the server to support client certificate > >> validation and to pass needed SSL variables in wsgi environment*. > >> - In you model put the following: > >> > >> from gluon.contrib.login_methods.x509_auth import X509Account > >> auth.settings.actions_disabled=['register','change_password', > >> 'request_reset_password','profile'] > >> auth.settings.login_form = X509Account() > >> > >> > >> *for example in nginx + scgi setup to pass environment variables add > >> the following in the ssl server stanza: > >> > >> scgi_param SSL_PROTOCOL $ssl_protocol; > >> scgi_param HTTPS on; > >> scgi_param SSL_CIPHER $ssl_cipher; > >> scgi_param SSL_CLIENT_SERIAL > $ssl_client_serial; > >> scgi_param SSL_CLIENT_S_DN $ssl_client_s_dn; > >> scgi_param SSL_CLIENT_I_DN $ssl_client_i_dn; > >> scgi_param SSL_SESSION_ID $ssl_session_id; > >> scgi_param SSL_CLIENT_CERT $ssl_client_cert; > >> scgi_param SSL_CLIENT_RAW_CERT > >> $ssl_client_raw_cert; > >> scgi_param SSL_CLIENT_VERIFY > $ssl_client_verify; > >> > >> mic > >> > >> > >> > >> 2012/7/19 Derek <xxxx...@gmail.com>: > >> > 1. Take a look at x509_auth.py for information on how to do that. > It's > >> > only > >> > 102 lines, so don't be daunted. > >> > 2. Yes. > >> > > >> > > >> > > >> > On Tuesday, July 17, 2012 4:12:50 PM UTC-7, tiadobatima wrote: > >> >> > >> >> Hi guys, > >> >> > >> >> After reading the docs, searching through old posts, and scouring > the > >> >> net, > >> >> I'm hoping someone can enlighten me regarding x509 auth: > >> >> > >> >> 1- How to retrieve the subject contained in the x509 certificate > >> >> (serialNumber, commonName, etc). Any example code? > >> >> 2- Does the current implementation of x509 auth require any of the > >> >> auth_XXXX tables in the database for anything? > >> >> > >> >> Thanks! > >> >> > >> >> > >> > -- > >> > > >> > > >> > > > > > -- > > > > > > >
--