annotate mod_auth_ccert.wiki @ 435:fae8b0661edf

Add info about _xmpp-server IN TLSA
author Kim Alvefur <zash@zash.se>
date Mon, 10 Mar 2014 16:08:19 +0100
parents 0df264dd44c4
children 528721aaea46
rev   line source
369
1861f3e1e9ff mod_auth_ccert: Add page
Kim Alvefur <zash@zash.se>
parents:
diff changeset
#summary Client Certificate authentication module
381
a21acacc8b22 mod_auth_ccert and mod_auth_ldap2: Add Type-Auth labels
Kim Alvefur <zash@zash.se>
parents: 369
diff changeset
#labels Stage-Alpha,Type-Auth

= Introduction =

This module implements PKI-style client certificate authentication.
You will therefore need your own Certificate Authority.
How to set that up is beyond the current scope of this document.

= Configuration =

{{{

authentication = "ccert"
certificate_match = "xmppaddr" -- or "email"

c2s_ssl = {
    capath = "/path/to/dir/with/your/ca"
}

}}}

426
Kim Alvefur <zash@zash.se>
parents: 381
diff changeset
`capath` should point to a directory containing your own CA certificate. You will need to run `c_rehash` in that directory.
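
The `capath` and `certificate_match` settings above, as an added example that is not part of the module or its documentation: it builds a throwaway CA directory, issues a client certificate carrying a JID, and lets you see verification fail until the directory is hashed. It assumes OpenSSL 1.1.0 or later and that `"xmppaddr"` refers to the id-on-xmppAddr subjectAltName of RFC 6120; the function names and the names `Demo XMPP CA` and `alice@example.com` are constructed for illustration.

```shell
#!/bin/sh
# Added example with constructed names: CA "Demo XMPP CA", user alice@example.com.
# $1 is always a scratch directory; $1/ca plays the role of the capath directory.

make_demo_pki() {
    mkdir -p "$1/ca" || return 1
    # Minimal config so the run does not depend on the system openssl.cnf.
    cat > "$1/req.cnf" <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = Demo XMPP CA
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
EOF
    # Self-signed CA certificate, written into the capath directory.
    openssl req -x509 -config "$1/req.cnf" -newkey rsa:2048 -nodes -days 30 \
        -keyout "$1/ca.key" -out "$1/ca/ca.pem" 2>/dev/null || return 1
    # Client key and certificate signing request.
    openssl req -new -config "$1/req.cnf" -subj "/CN=alice" -newkey rsa:2048 \
        -nodes -keyout "$1/client.key" -out "$1/client.csr" 2>/dev/null || return 1
    # The JID goes into an id-on-xmppAddr otherName SAN (OID from RFC 6120).
    cat > "$1/client.ext" <<'EOF'
subjectAltName = otherName:1.3.6.1.5.5.7.8.5;UTF8:alice@example.com
extendedKeyUsage = clientAuth
EOF
    openssl x509 -req -in "$1/client.csr" -CA "$1/ca/ca.pem" -CAkey "$1/ca.key" \
        -set_serial 1 -days 30 -extfile "$1/client.ext" \
        -out "$1/client.pem" 2>/dev/null
}

# Create the <subject-hash>.0 links that a CApath lookup depends on.
hash_ca_dir() {
    c_rehash "$1/ca" >/dev/null 2>&1 || openssl rehash "$1/ca"
}

# Exit status 0 only if client.pem chains to a CA found through the hashed directory.
verify_client() {
    openssl verify -purpose sslclient -CApath "$1/ca" "$1/client.pem" >/dev/null 2>&1
}

# Usage: d=$(mktemp -d); make_demo_pki "$d"; verify_client "$d"   # fails: no hash links yet
#        hash_ca_dir "$d"; verify_client "$d"                     # succeeds
```

A CA file that sits in the directory without its hash link is not found during verification, which is why a missed `c_rehash` shows up as rejected client certificates.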

= Compatibility =

||trunk||Works||
||0.9 and earlier||Doesn't work||
||0.10 and later||Works||