About the Strong Extranet
About the Strong Extranet
The Strong Extranet allows you to use digital certificates to authenticate
users on your web server. Typically, your users enroll in your Strong
Extranet, under your control, through the Thawte Personal Cert System.
BENEFITS OF THE STRONG EXTRANET
1. SXNet certificates contain usernames. You can allocate these usernames
to users as required, and your server will extract the username from the
certificate when a user accesses your server. Your CGI scripts can
obtain the username in the same way they do so with password
authentication, through the REMOTE_USER environment variable.
2. Low cost of CA. Thawte provides a full-server CA infrastructure for
your Strong Extranet users for $1000 per year for up to 10 000 users.
That's the lowest cost CA program, period.
3. Full control and security. Users are enrolled in your Strong Extranet
under your full control. There are several enrollment methods with
different levels of security. Choose the one which suits your business
processes and requirements.
MORE INFORMATION
http://www.thawte.com/certs/strongextranet/
USING THE MODULE:
The module adds the following directives:
AuthType StrongExtranet
SXNetZone a number (the zone number)
SXNetGroupFile /path/to/groups/file
SXNetB64EncodeID on/off
"AuthType StrongExtranet" tells the server to use Strong Extranet
Authentication in that directory. It's the equivalent of
"AuthType Basic" or "AuthType Digest". Note that you need to
have turned ON client certificate requesting, and set the CA
details, as part of normal SSL configuration.
The SXNetZone is a single integer. It defines the zone in which
the client has to have an ID in order to gain access to the directory.
The Thawte ACME Test Zone is 2, so use that for demos.
The SXNetGroupFile is a file that can be used to put users in groups,
just like the standard Basic authentication mechanism.
SXNetB64EncodeID allows you to have the ID base64 encoded before it
is put into the REMOTE_USER CGI variable. Use this if your ID can be
8-bit.
Example:
The following configuration snippet will setup the server to require
that client certs have the StrongExtranet extension, with an ID in
zone 23 embedded:
AuthType StrongExtranet
AuthName Test Extranet
SXNetB64EncodeID on
SXNetZone 23
SXNetGroupFile /etc/httpd/groups
require valid-user