SSL Authentication (code included)

[ecarlseen]

We prefer to use SSL authentication for our intranet web servers. I've found that this can be accomplished with two lines of code added to auth_login.php while checking for the user info:

}elseif (isset($_SERVER["SSL_CLIENT_S_DN_CN"])) {
$username = str_replace("\\", "\\\\", $_SERVER["SSL_CLIENT_S_DN_CN"]);

After this, the CN from the user's certificate is used for the user name (assuming you have SSL authentication activated in Apache). Adding this permanently to the code base would be much appreciated.

Thanks!

[BSOD2600]

There is also an old SSL plugin - http://cactiusers.org/downloads/ssl.tar.gz

[TheWitness]

Its more an SSO passthru issue.

[ecarlseen]

Its more an SSO passthru issue.

Exactly. There are some good reasons not to use "Fake Basic Auth" with Apache - you still have to maintain an htpasswd file, and the DNs passed for user IDs are insanely long; the user name field would have to be extended. This is just so quick and easy it seems like it's probably the best answer. But it's your code base.

[gandalf]

As I described in my internal mail, we are using a similar approach to do SSO. Of course, we may define a hook here. But this would make a two liner plugin. Bad mojo, or shall we call this "the super-power of cacti plugin architecture"? (chapeau, Jimmy)
R.

[TheWitness]

As I described in my internal mail, we are using a similar approach to do SSO. Of course, we may define a hook here. But this would make a two liner plugin. Bad mojo, or shall we call this "the super-power of cacti plugin architecture"? (chapeau, Jimmy)
R.

Yea, PIA is like cocaine.