@Massimo I have made a pull request on github.
mic 2012/7/20 Massimo Di Pierro <massimo.dipie...@gmail.com>: > I'll wait for the patch. > > > On Friday, 20 July 2012 07:51:37 UTC-5, Michele Comitini wrote: >> >> > Michelle, I know you wrote the code, but I believe X509Account should be >> > replaced with X509Auth, no? >> >> Ahem... I stand corrected, you are right I just copied a comment in >> the code. The comment must be fixed. >> >> mic >> >> >> 2012/7/20 tiadobatima <gbara...@gmail.com>: >> > Thanks guys! >> > >> > I'm using nginx too, and I followed roughly the same steps but using >> > uwsgi. >> > Michelle, I know you wrote the code, but I believe X509Account should be >> > replaced with X509Auth, no? >> > >> > from gluon.contrib.login_methods.x509_auth import X509Auth >> > >> > auth.settings.actions_disabled=['register','change_password', >> > 'request_reset_password','profile'] >> > auth.settings.login_form = X509Autht() >> > >> > Cheers, >> > g. >> > >> > On Thursday, 19 July 2012 13:27:30 UTC-7, Michele Comitini wrote: >> >> >> >> - Install M2Crypto. >> >> - If you use rocket be sure to pass the --ca-cert option or if you use >> >> another server configure the server to support client certificate >> >> validation and to pass needed SSL variables in wsgi environment*. >> >> - In you model put the following: >> >> >> >> from gluon.contrib.login_methods.x509_auth import X509Account >> >> auth.settings.actions_disabled=['register','change_password', >> >> 'request_reset_password','profile'] >> >> auth.settings.login_form = X509Account() >> >> >> >> >> >> *for example in nginx + scgi setup to pass environment variables add >> >> the following in the ssl server stanza: >> >> >> >> scgi_param SSL_PROTOCOL $ssl_protocol; >> >> scgi_param HTTPS on; >> >> scgi_param SSL_CIPHER $ssl_cipher; >> >> scgi_param SSL_CLIENT_SERIAL >> >> $ssl_client_serial; >> >> scgi_param SSL_CLIENT_S_DN $ssl_client_s_dn; >> >> scgi_param SSL_CLIENT_I_DN $ssl_client_i_dn; >> >> scgi_param SSL_SESSION_ID $ssl_session_id; >> >> scgi_param SSL_CLIENT_CERT $ssl_client_cert; >> >> scgi_param SSL_CLIENT_RAW_CERT >> >> $ssl_client_raw_cert; >> >> scgi_param SSL_CLIENT_VERIFY >> >> $ssl_client_verify; >> >> >> >> mic >> >> >> >> >> >> >> >> 2012/7/19 Derek <xxxx...@gmail.com>: >> >> > 1. Take a look at x509_auth.py for information on how to do that. >> >> > It's >> >> > only >> >> > 102 lines, so don't be daunted. >> >> > 2. Yes. >> >> > >> >> > >> >> > >> >> > On Tuesday, July 17, 2012 4:12:50 PM UTC-7, tiadobatima wrote: >> >> >> >> >> >> Hi guys, >> >> >> >> >> >> After reading the docs, searching through old posts, and scouring >> >> >> the >> >> >> net, >> >> >> I'm hoping someone can enlighten me regarding x509 auth: >> >> >> >> >> >> 1- How to retrieve the subject contained in the x509 certificate >> >> >> (serialNumber, commonName, etc). Any example code? >> >> >> 2- Does the current implementation of x509 auth require any of the >> >> >> auth_XXXX tables in the database for anything? >> >> >> >> >> >> Thanks! >> >> >> >> >> >> >> >> > -- >> >> > >> >> > >> >> > >> > >> > -- >> > >> > >> > > > -- > > > --
