Libravatar

Allow users to login with client certificates instead of a password

Bug #769777 reported by François Marier on 2011-04-24
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Libravatar
Triaged
Wishlist
Unassigned
Also affects project (?) Also affects distribution/package Nominate for series

Bug Description

Instead of supplying a password, users should be able to identify themselves to the main application using a client SSL certificate.

We can assume that they have generated their certificate already and that we don't need to do it for them.

There is some general documentation on client certs here: https://wiki.cacert.org/ApacheServerClientCertificateAuthentication

See original description
François Marier (fmarier) wrote :

Relevant upstream bug: http://code.djangoproject.com/ticket/5771

François Marier (fmarier) wrote :

This may also be useful: http://osdir.com/ml/modwsgi/2010-06/msg00122.html

François Marier (fmarier) wrote :

There used to be a Django auth plugin for this:

  http://www.ohloh.net/p/sslauth

but it seems to be gone. It's still listed here though:

  http://code.djangoproject.com/wiki/DjangoResources#Djangoapplicationcomponents

François Marier (fmarier) on 2011-05-26
description: updated
François Marier (fmarier) wrote :

The Koha implementation might be useful too:

  http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=6296

François Marier (fmarier) wrote :

This would be especially useful now that Debian SSO uses client certs:

  https://wiki.debian.org/DebianSingleSignOn#Documentation_for_web_application_owners-1

To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.