Manual Reference Pages  -  OPENXPKI::SERVER::AUTHENTICATION::X509 (3)

Name

OpenXPKI::Server::Authentication::X509 - certificate based authentication.

Description

Use a certificate chain passed by the authenticator to authenticate the user. This is an abstract base class; the actual challenge and the extraction of the chain are done in the ChallengeX509 and ClientX509 classes. The subsequent validation performs several steps:

* look up a suitable root certificate, either in the received chain or in the database.
* do a cryptographic validation on the chain.
* check if any of the certificates (entity, chain or root) is contained in the trust anchor list.

Any failure results in an exception.

Functions

    _load_anchors

Create a list of trust anchor identifiers from the configuration.

    login_step

Returns a tuple (user, role, response_message) for a given login step. This is a no-op here and needs to be implemented by the inheriting classes.

configuration

    Signature:
        type: ChallengeX509
        label: Signature
        description: I18N_OPENXPKI_CONFIG_AUTH_HANDLER_DESCRIPTION_SIGNATURE
        role:
            handler: @auth.roledb
            argument: dn
            default: ''
        # trust anchors
        realm:
        - my_client_auth_realm
        cacert:
        - cert_identifier of external ca cert

    parameters

role.handler
    A connector that returns a role for a given user.

role.argument
    Argument to use with the handler to query for a role. Supported values are cn (common name), subject, serial.

role.default
    The default role to assign to a user if no result is found using the handler. If you do not specify a handler but a default role, you get a static role assignment for any matching certificate.

cacert
    A list of certificate identifiers to be used as trust anchors.

realm
    A list of realm names to be used as trust anchors (this loads all CA certificates from the given realm into the list of trusted CA certs).
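The following Perl sketch is an added example, not OpenXPKI source code: it models the trust anchor check from the description and the role.handler / role.argument / role.default semantics above on a chain that is assumed to have passed cryptographic validation already. The function names, the code reference standing in for the connector, and all identifiers, subjects and roles in the sample data are constructed. Treating an empty handler result together with an empty default as a failed login is an assumption.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Accept if ANY certificate of the validated chain (entity, intermediate or
# root) is listed as a trust anchor; otherwise fail with an exception.
sub find_anchor {
    my ($chain, $anchors) = @_;
    my %trusted = map { $_ => 1 } @$anchors;
    for my $cert (@$chain) {
        return $cert->{identifier} if $trusted{ $cert->{identifier} };
    }
    die "no certificate of the chain is a trust anchor\n";
}

# Query the handler with the certificate attribute named by role.argument,
# then fall back to role.default.
sub resolve_role {
    my ($entity, $cfg) = @_;
    my $role;
    if (my $handler = $cfg->{handler}) {
        my $key = $entity->{ $cfg->{argument} // '' };
        $role = $handler->($key) if defined $key;
    }
    $role = $cfg->{default} unless defined $role && length $role;
    # Assumption: no handler result and no default role means no login.
    die "no role for $entity->{subject}\n" unless defined $role && length $role;
    return $role;
}

# Constructed sample data: entity certificate first, root last.
my @chain = (
    { identifier => 'ent-1',  cn => 'alice',      subject => 'CN=alice,O=Example',      serial => '0a' },
    { identifier => 'sub-1',  cn => 'Issuing CA', subject => 'CN=Issuing CA,O=Example', serial => '02' },
    { identifier => 'root-1', cn => 'Root CA',    subject => 'CN=Root CA,O=Example',    serial => '01' },
);
my %roledb = (alice => 'RA Operator');
my $lookup = sub { $roledb{ $_[0] } };   # stands in for the role connector

my @cases = (
    [ ['sub-1'],    { handler => $lookup, argument => 'cn', default => '' } ],
    [ ['other-ca'], { handler => $lookup, argument => 'cn', default => '' } ],
    [ ['root-1'],   { default => 'User' } ],   # static role, no handler
);
for my $case (@cases) {
    my ($anchors, $cfg) = @$case;
    my $result = eval {
        my $hit = find_anchor(\@chain, $anchors);
        "anchor $hit, role " . resolve_role($chain[0], $cfg);
    };
    print(defined($result) ? "accepted: $result\n" : "rejected: $@");
}
```

The third case shows why a static default role needs a narrow anchor list: every certificate that chains to a listed anchor receives that role.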
perl v5.20.3 OPENXPKI::SERVER::AUTHENTICATION::X509 (3) 2016-04-03
