Commit | Line | Data |
---|---|---|
759ed8ce | 1 | <!doctype html public "-//w3c//dtd html 4.0 transitional//en"> |
2 | <html> | |
3 | <head> | |
4 | <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> | |
5 | <meta name="GENERATOR" content="Mozilla/4.6 [en] (X11; I; Linux 2.2.9-23mdk i686) [Netscape]"> | |
6 | <title>Test Page for Mandrake Linux's Apache Installation</title> | |
7 | <!-- Background white, links blue (unvisited), navy (visited), red (active) --> | |
8 | </head> | |
9 | <body text="#000000" bgcolor="#FFFFFF" link="#0000FF" vlink="#000080" alink="#FF0000"> | |
10 | ||
11 | <center><a href="http://www.thawte.com/"> | |
12 | <img SRC="http://www.thawte.com/certs/logos/thawte1.gif" BORDER=0></a> | |
13 | </center> | |
14 | ||
15 | <TITLE>About the Strong Extranet</TITLE> | |
16 | ||
17 | <H1> About the Strong Extranet</H1> | |
18 | <pre> | |
19 | The Strong Extranet allows you to use digital certificates to authenticate | |
20 | users on your web server. Typically, your users enroll in your Strong | |
21 | Extranet, under your control, through the Thawte Personal Cert System. | |
22 | ||
23 | BENEFITS OF THE STRONG EXTRANET | |
24 | ||
25 | 1. SXNet certificates contain usernames. You can allocate these usernames | |
26 | to users as required, and your server will extract the username from the | |
27 | certificate when a user accesses your server. Your CGI scripts can | |
28 | obtain the username in the same way they do so with password | |
29 | authentication, through the REMOTE_USER environment variable. | |
30 | ||
31 | 2. Low cost of CA. Thawte provides a full-server CA infrastructure for | |
32 | your Strong Extranet users for $1000 per year for up to 10 000 users. | |
33 | That's the lowest cost CA program, period. | |
34 | ||
35 | 3. Full control and security. Users are enrolled in your Strong Extranet | |
36 | under your full control. There are several enrollment methods with | |
37 | different levels of security. Choose the one which suits your business | |
38 | processes and requirements. | |
39 | ||
40 | MORE INFORMATION | |
41 | ||
42 | <A HREF="http://www.thawte.com/certs/strongextranet/"> | |
43 | http://www.thawte.com/certs/strongextranet/</A> | |
44 | ||
45 | <HR> | |
46 | USING THE MODULE: | |
47 | ||
48 | The module adds the following directives: | |
49 | ||
50 | AuthType StrongExtranet | |
51 | SXNetZone a number (the zone number) | |
52 | SXNetGroupFile /path/to/groups/file | |
53 | SXNetB64EncodeID on/off | |
54 | ||
55 | "AuthType StrongExtranet" tells the server to use Strong Extranet | |
56 | Authentication in that directory. It's the equivalent of | |
57 | "AuthType Basic" or "AuthType Digest". Note that you need to | |
58 | have turned ON client certificate requesting, and set the CA | |
59 | details, as part of normal SSL configuration. | |
60 | ||
61 | The SXNetZone is a single integer. It defines the zone in which | |
62 | the client has to have an ID in order to gain access to the directory. | |
63 | The Thawte ACME Test Zone is 2, so use that for demos. | |
64 | ||
65 | The SXNetGroupFile is a file that can be used to put users in groups, | |
66 | just like the standard Basic authentication mechanism. | |
67 | ||
68 | SXNetB64EncodeID allows you to have the ID base64 encoded before it | |
69 | is put into the REMOTE_USER CGI variable. Use this if your ID can be | |
70 | 8-bit. | |
71 | ||
72 | Example: | |
73 | ||
74 | The following configuration snippet will set up the server to require | |
75 | that client certs have the StrongExtranet extension, with an ID in | |
76 | zone 23 embedded: | |
77 | ||
78 | <Directory /> | |
79 | AuthType StrongExtranet | |
80 | AuthName "Test Extranet" | |
81 | SXNetB64EncodeID on | |
82 | SXNetZone 23 | |
83 | SXNetGroupFile /etc/httpd/groups | |
84 | require valid-user | |
85 | </Directory> | |
86 | ||
87 | </PRE> |
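
How a CGI script might consume REMOTE_USER when "SXNetB64EncodeID on" is set, as described above. This is an added example, not code from the module or from Thawte; the function names and the sample environments are hypothetical and constructed for illustration.

```python
import base64
import binascii


class SXNetIdError(ValueError):
    """REMOTE_USER is missing or is not valid base64."""


def sxnet_id_from_environ(environ):
    """Return the raw SXNet ID bytes from a CGI environment.

    Assumes the directory is configured with "SXNetB64EncodeID on",
    so REMOTE_USER holds the base64 form of the ID.
    """
    encoded = environ.get("REMOTE_USER", "")
    if not encoded:
        raise SXNetIdError("REMOTE_USER not set; request was not authenticated")
    try:
        # validate=True rejects characters outside the base64 alphabet
        # instead of silently discarding them.
        raw = base64.b64decode(encoded, validate=True)
    except (binascii.Error, ValueError) as exc:
        raise SXNetIdError("REMOTE_USER is not valid base64") from exc
    if not raw:
        raise SXNetIdError("decoded ID is empty")
    return raw


def printable_id(raw):
    """Render an ID for logs: printable ASCII kept, other bytes as \\xNN.

    Escaping newlines, 8-bit bytes and the backslash itself keeps one ID
    on one log line and makes the rendering unambiguous.
    """
    return "".join(
        chr(b) if 0x20 <= b < 0x7F and b != 0x5C else "\\x%02x" % b
        for b in raw
    )


# Constructed sample environments (not captured from a real server).
SAMPLE_ASCII = {"REMOTE_USER": base64.b64encode(b"alice").decode("ascii")}
SAMPLE_8BIT = {"REMOTE_USER": base64.b64encode(b"jos\xe9\n").decode("ascii")}

if __name__ == "__main__":
    for env in (SAMPLE_ASCII, SAMPLE_8BIT):
        print(printable_id(sxnet_id_from_environ(env)))
```

Compare the decoded bytes, not the base64 text, against your user database, and write only the escaped form to logs.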