[Moin-user] Question of auto create user profile via SSL client certification authentication
jwhuang
jwhuang at twgrid.org
Tue Nov 3 10:40:45 EST 2009
Dear All,
I met some problems with Moin configuration about SSL authentication.
I have self-signed certificates for my wiki server and users.
Now I would like to use certificates to do authentication. Here is my
reference: http://moinmo.in/HelpOnAuthentication
As the section "SSL client certification authentication" said, I can use
"autocreate" parameter to create user profile automatically once users pass
SSL check.
But it does not work in my wiki server. Could you help me to check my
configuration if something wrong? Thanks a lot.
Add two lines at wikiconfig.py:
from MoinMoin.auth.sslclientcert import SSLClientCertAuth
auth = [SSLClientCertAuth(autocreate=['True'])]
At http.conf, I did the following configuration:
Alias /moin_static184/ "/var/www/mywiki/htdocs/"
WSGIScriptAlias /mywiki /var/www/mywiki/moin.wsgi
WSGIDaemonProcess mywiki user=apache group=apache processes=5 threads=10
maximum-requests=1000 umask=0007
WSGIProcessGroup mywiki
WSGIPassAuthorization On
<Location /mywiki>
SetHandler python-program
# Add the path of your wiki directory
PythonPath "['/var/www/mywiki',
'/usr/local/lib/python2.4/site-packages'] + sys.path"
PythonHandler MoinMoin.request.request_modpython::Request.run
SSLVerifyClient require
SSLUserName SSL_CLIENT_S_DN
SSLRequire ( %{SSL_CIPHER} !~ m/^(EXP|NULL)/ \
and %{SSL_CLIENT_S_DN_OU} in {"GRID"})
</Location>
I can access my wiki page with security http and see my DN shown in the
ssl_sccess.log. But the user profile can not be created automatically.
Any idea about this? Thanks a lot.
All the Best.
Jhen-Wei Huang
--
OPS Team, ASGC
Tel: +886-2-2789-8311
Fax: +886-2-2783-7653
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.python.org/pipermail/moin-user/attachments/20091103/0ddd07d5/attachment.html>
More information about the Moin-user
mailing list