Hi all;
I decided that I wanted to bring this up here before I decide whether to
submit a proposal to -hackers. After all, this would reach a larger
section of users than would -hackers.
Basically, I think it would be very nice to be able to use client
vertificates to actually authenticate users. I can see a few ways of
doing this:
1) Using the cert to authenticate with a given ldap server.
2) Configuring to use a specific base dn and grabbing a uid field to
use as the username.
3) Providing a mapping of the dn to username via some configuration file.
I suspect that option 2 would be the most useful, but I wanted to see
how other people thought this might need to work.
Best Wishes,
Chris Travers