[ngps@p...: [ANNOUNCE] ZServerSSL 0.04]

Ng Pheng Siong ngps@p...
Fri, 28 Apr 2000 23:37:14 +0800


Pardon the spam. I believe the following might be of interest to 
Medusa users and hackers.

----- Forwarded message from Ng Pheng Siong <ngps@p...> -----

Date: Wed, 26 Apr 2000 00:28:12 +0800
From: Ng Pheng Siong <ngps@p...>
To: zope-dev@z...
Subject: [ANNOUNCE] ZServerSSL 0.04
X-Mailer: Mutt 1.0i


I am pleased to announce the release of ZServerSSL 0.04. 

ZServerSSL provides a HTTPS server for Zope. In normal operation, ZServerSSL 
protects user names, passwords and data in transit against eavesdropping.

This release of ZServerSSL presents a significant enhancement: X.509 
certificate-based authentication for Zope.

In this mode, Zope is run in "remote user" mode, and ZServerSSL's HTTPS server 
is configured to *require* user certificates. 

When a user connects, ZServerSSL handles certificate verification, maps the 
user certificate's "subject distinguished name" to a Zope username and sets 
REMOTE_USER accordingly. Zope's REMOTE_USER machinery takes care of the rest.

Given valid user certificates and mappings from certificates to Zope users, 
Zope no longer requires passwords for access. This improves site security 
 by removing the need to store passwords on the Zope site.

This mode of operation can be adapted to other HTTPS servers like Apache+SSL, 
Roxen+SSL, etc. that perform certificate-based authentication.

ZServerSSL is bundled with the latest snapshot of M2Crypto, and is also
available as a separate package. It can be downloaded from here:


Usual disclaimers apply. Feedback is very much appreciated.

Ng Pheng Siong <ngps@p...> * http://www.post1.com/home/ngps

(BTW, what's this about no cross-posting btw zope-dev and zope?)

----- End forwarded message -----

Ng Pheng Siong <ngps@p...> * http://www.post1.com/home/ngps