X509 login patches

Christos Triantafyllidis ctria at grid.auth.gr
Mon Dec 14 19:03:49 UTC 2009


Hi all and welcome me to the list :),

     I have been using koji for a few weeks and I needed X509 authentication.
Unfortunately the current support for x509 was limited to:
a) Use of the CN part only from the subject DN as the username
   Although traditionally CN can be the "username" of the user there  
are cases (like in our PKI) where CN is just "Christos  
Triantafyllidis" and of course many users can have the same name but  
different DNs. To avoid this but also keep the backwards compatibility
I have introduced a new variable to be exported by both apache config
(for git-web) and hub.conf (for the rest of the tools) called
EnvVarForUserName which defines which variable to use as Username. For
my case I have "EnvVarForUserName = SSL_CLIENT_S_DN" which uses the
whole DN as username.

b) Keep asking the user to provide their pass-phrase many times for
the same operation
   This leads (IMHO) many users to use password-less certificates.
Unfortunately this is not acceptable according to our PKI policy so I
added a callback to cache the passphrase within each koji execution.

   I have created some patches for both these limitations and I have
uploaded them to my git repository[1]. Feel free to use/clone them.

Best regards,
Christos Triantafyllidis

[1] http://git.afroditi.hellasgrid.gr/git/grid.auth.gr/koji.git
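
The CN collision described in (a), as an added example that is not taken from koji or from the patches in the repository above: it resolves the login name from whichever mod_ssl variable EnvVarForUserName names and reports distinct DNs that end up sharing a username. The function names, the options dict, the CN default, the SSL_CLIENT_VERIFY check and the sample DNs are assumptions made for the illustration.

```python
# Added illustration; not code from koji or from the patches described above.

# Constructed mod_ssl-style environments: two different people, same CN.
ENV_A = {
    "SSL_CLIENT_VERIFY": "SUCCESS",
    "SSL_CLIENT_S_DN": "/C=GR/O=ExampleGrid/OU=physics.example.org/CN=Alex Doe",
    "SSL_CLIENT_S_DN_CN": "Alex Doe",
}
ENV_B = {
    "SSL_CLIENT_VERIFY": "SUCCESS",
    "SSL_CLIENT_S_DN": "/C=GR/O=ExampleGrid/OU=chem.example.org/CN=Alex Doe",
    "SSL_CLIENT_S_DN_CN": "Alex Doe",
}

# Assumption: when EnvVarForUserName is unset, fall back to the CN-only behaviour.
DEFAULT_VAR = "SSL_CLIENT_S_DN_CN"


class AuthError(Exception):
    """Raised when no trustworthy username can be derived from the request."""


def resolve_username(environ, options):
    """Return the login name from the variable named by EnvVarForUserName."""
    # Only trust subject fields of a certificate the web server actually verified.
    if environ.get("SSL_CLIENT_VERIFY") != "SUCCESS":
        raise AuthError("client certificate was not verified")
    var = options.get("EnvVarForUserName", DEFAULT_VAR)
    username = environ.get(var, "").strip()
    if not username:
        # Fail closed: a misspelled or unset variable must not yield an empty identity.
        raise AuthError("no username in %s" % var)
    return username


def colliding_identities(environs, options):
    """Map each username to the distinct DNs resolving to it; keep only collisions."""
    seen = {}
    for env in environs:
        name = resolve_username(env, options)
        seen.setdefault(name, set()).add(env["SSL_CLIENT_S_DN"])
    return {name: sorted(dns) for name, dns in seen.items() if len(dns) > 1}
```

With the CN default both constructed certificates log in as the same user; with EnvVarForUserName set to SSL_CLIENT_S_DN the collision map is empty.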


More information about the Fedora-buildsys-list mailing list