| 759ed8ce |
1 | <!doctype html public "-//w3c//dtd html 4.0 transitional//en"> |
| 2 | <html> |
| 3 | <head> |
| 4 | <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> |
| 5 | <meta name="GENERATOR" content="Mozilla/4.6 [en] (X11; I; Linux 2.2.9-23mdk i686) [Netscape]"> |
| 6 | <title>Test Page for Mandrake Linux's Apache Installation</title> |
| 7 | <!-- Background white, links blue (unvisited), navy (visited), red (active) --> |
| 8 | </head> |
| 9 | <body text="#000000" bgcolor="#FFFFFF" link="#0000FF" vlink="#000080" alink="#FF0000"> |
| 10 | |
| 11 | <center><a href="http://www.thawte.com/"> |
| 12 | <img SRC="http://www.thawte.com/certs/logos/thawte1.gif" BORDER=0></a> |
| 13 | </center> |
| 14 | |
| 15 | <TITLE>About the Strong Extranet</TITLE> |
| 16 | |
| 17 | <H1> About the Strong Extranet</H1> |
| 18 | <pre> |
| 19 | The Strong Extranet allows you to use digital certificates to authenticate |
| 20 | users on your web server. Typically, your users enroll in your Strong |
| 21 | Extranet, under your control, through the Thawte Personal Cert System. |
| 22 | |
| 23 | BENEFITS OF THE STRONG EXTRANET |
| 24 | |
| 25 | 1. SXNet certificates contain usernames. You can allocate these usernames |
| 26 | to users as required, and your server will extract the username from the |
| 27 | certificate when a user accesses your server. Your CGI scripts can |
| 28 | obtain the username in the same way they do so with password |
| 29 | authentication, through the REMOTE_USER environment variable. |
| 30 | |
| 31 | 2. Low cost of CA. Thawte provides a full-server CA infrastructure for |
| 32 | your Strong Extranet users for $1000 per year for up to 10 000 users. |
| 33 | That's the lowest cost CA program, period. |
| 34 | |
| 35 | 3. Full control and security. Users are enrolled in your Strong Extranet |
| 36 | under your full control. There are several enrollment methods with |
| 37 | different levels of security. Choose the one which suits your business |
| 38 | processes and requirements. |
| 39 | |
| 40 | MORE INFORMATION |
| 41 | |
| 42 | <A HREF="http://www.thawte.com/certs/strongextranet/"> |
| 43 | http://www.thawte.com/certs/strongextranet/</A> |
| 44 | |
| 45 | <HR> |
| 46 | USING THE MODULE: |
| 47 | |
| 48 | The module adds the following directives: |
| 49 | |
| 50 | AuthType StrongExtranet |
| 51 | SXNetZone a number (the zone number) |
| 52 | SXNetGroupFile /path/to/groups/file |
| 53 | SXNetB64EncodeID on/off |
| 54 | |
| 55 | "AuthType StrongExtranet" tells the server to use Strong Extranet |
| 56 | Authentication in that directory. It's the equivalent of |
| 57 | "AuthType Basic" or "AuthType Digest". Note that you need to |
| 58 | have turned ON client certificate requesting, and set the CA |
| 59 | details, as part of normal SSL configuration. |
| 60 | |
| 61 | The SXNetZone is a single integer. It defines the zone in which |
| 62 | the client has to have an ID in order to gain access to the directory. |
| 63 | The Thawte ACME Test Zone is 2, so use that for demos. |
| 64 | |
| 65 | The SXNetGroupFile is a file that can be used to put users in groups, |
| 66 | just like the standard Basic authentication mechanism. |
| 67 | |
| 68 | SXNetB64EncodeID allows you to have the ID base64 encoded before it |
| 69 | is put into the REMOTE_USER CGI variable. Use this if your ID can be |
| 70 | 8-bit. |
| 71 | |
| 72 | Example: |
| 73 | |
| 74 | The following configuration snippet will setup the server to require |
| 75 | that client certs have the StrongExtranet extension, with an ID in |
| 76 | zone 23 embedded: |
| 77 | |
| 78 | <Directory /> |
| 79 | AuthType StrongExtranet |
| 80 | AuthName Test Extranet |
| 81 | SXNetB64EncodeID on |
| 82 | SXNetZone 23 |
| 83 | SXNetGroupFile /etc/httpd/groups |
| 84 | require valid-user |
| 85 | </Directory> |
| 86 | |
| 87 | </PRE> |
projects / packages / apache1-mod_ssl.git / blame