Yes.
Actually, I think Apache has FakeBasic Auth built in. I don't like it
because it seems easy to spoof. In my work, I ask the client for the
certificate with the line in the configuration file
SSLVerifyClient optional_no_ca
which gives me the certificate in $_SERVER["SSL_CLIENT_CERT"] and its
serial number in $_SERVER["SSL_CLIENT_M_SERIAL"]. I then look it up in
our Postgres database and compare the full text of the certificate
offered by the client to that in the database. If they're identical, I
grant appropriate permissions.
If this is what you want, I can supply a snippet of code but don't want
to take up my or others' time otherwise.
I know that respected authorities say that optional_no_ca has no use but
I wanted to keep control if there is no certificate and if there is an
unrecognized certificate and couldn't think of anything that did it so
beautifully.
Thomas George wrote:
Hello,
Is anyone aware of a method for using PKI certificates for authentication
with PHP..?
All suggestions are appreciated...!
Thomas
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager [EMAIL PROTECTED]
--
Peter K. Hadley
Director of Technology
The Village Group
738 Main Street
Waltham, Massachusetts 02451
617-413-0706
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager [EMAIL PROTECTED]
