Web Servers on Unix and Linux - client certificates and reverse proxies

This is Interesting: Free IT Magazines  
Home > Archive > Web Servers on Unix and Linux > February 2005 > client certificates and reverse proxies





You are viewing an archived Text-only version of the thread. To view this thread in it's original format and/or if you want to reply to this thread please [click here]

Author client certificates and reverse proxies
Fredo Sartori

2005-02-14, 7:50 am

Hi,

I am setting up an apache server which is accessed via a reverse proxy.
Client certificates are used for authentication and authorization.

The following setup is already working: the reverse proxy checks the
validity of the client certificate using the SSLCACertificatePath
directive. Thereafter data contained in the certificate is passed to the
backend server either as part of the url or as additional HTTP header
fields. (First is working properly, second should work, according to the
description of mod_header.) The backend server uses these certificate data
to perform an ldap lookup and grants or denies access to the resource
requesetd.

BUT: this setup has the drawback that the reverse proxy needs to check the
client certificates itself. Is there a possibility that the verification of
the client certificates can be delegated to another server, ideally the
backend server?

Any hint is welcome

Fredo

--
Dr. Fredo Sartori Tel. 030-227-55061
SPD-Fraktion im Deutschen Bundestag FAX 030-227-56169
EDV-Organisation e-mail: sartori@spdfraktion.de
Platz der Republik WWW: http://www.spdfraktion.de/
11011 Berlin
Sponsored Links






Free braindumps | Software forum | Database administration forum

Copyright 2003 - 2008 webservertalk.com