Certificate-based single-factor authentication.
I have a remote postgres server with self-signed server certificate.
I have self-signed client certificate.
With psql , i can login with certificate.
I wondered if we could achieve the same in ledgersmb
Best wishes,
Herman
2014-04-06 11:54 GMT+02:00 Chris Travers <..hidden..>:
Put Bad Developers to Shame>
>
>
> On Sun, Apr 6, 2014 at 1:36 AM, herman vierendeels
> <..hidden..> wrote:
>>
>> talking about authentication ,
>>
>> could we also think about certificate authentication ?
>
>
> Can you clarify? Certificate-based single-factor authentication? Or
> certificates as one of two factors?
>>
>>
>> 2014-04-05 14:55 GMT+02:00 Erik Huelsmann <..hidden..>:
>> > Hi Chris,
>> >
>> > Looking at the auth code currently in login.pm and LedgerSMB.pm as well
>> > as
>> > the exceptions in lsmb-request.pl, I'm coming to the conclusion that
>> > LedgerSMB.pm has been coded based on the assumption that every request
>> > needs
>> > to be authenticated against the database and that if authentication
>> > fails,
>> > an auth popup should be returned.
>> >
>> > However, as it turns out, this situation causes problems when the
>> > database
>> > doesn't actually exist, or when the application "only" wants to
>> > authenticate, but not generate a full request series (such as the
>> > login.pl:authenticate() function).
>> >
>> > I'm thinking we can resolve the issue we're seeing now by:
>> >
>> > * Stopping to connect to the database in LedgerSMB.pm:new()
>> >
>> > And instead:
>> >
>> > * Factor out the database connection logic
>> > * Factor out session initialization logic (the part which is based on
>> > the
>> > DB connection)
>> > * Introduce a mechanism whereby a module (e.g. login.pm) can signal
>> > one or more of its actions doesn't want a preconnected database
>> > handle
>> > * Make database connection and session initialization explicit parts of
>> > lsmb-request,
>> > if the module doesn't disallow it
>> >
>> > This way, we can remove any implicit auto-connection to the database
>> > from
>> > all lower level calls.
>> >
>> > What about it?
>> >
>> > --
>> > Bye,
>> >
>> > Erik.
>> >
>> > http://efficito.com -- Hosted accounting and ERP.
>> > Robust and Flexible. No vendor lock-in.
>> >
>> >
>> > ------------------------------------------------------------------------------
>> >
>> > _______________________________________________
>> > Ledger-smb-devel mailing list
>> > ..hidden..
>> > https://lists.sourceforge.net/lists/listinfo/ledger-smb-devel
>> >
>>
>>
>> ------------------------------------------------------------------------------
>> _______________________________________________
>> Ledger-smb-devel mailing list
>> ..hidden..
>> https://lists.sourceforge.net/lists/listinfo/ledger-smb-devel
>
>
>
>
> --
> Best Wishes,
> Chris Travers
>
> Efficito: Hosted Accounting and ERP. Robust and Flexible. No vendor
> lock-in.
> http://www.efficito.com/learn_more
>
> ------------------------------------------------------------------------------
>
> _______________________________________________
> Ledger-smb-devel mailing list
> ..hidden..
> https://lists.sourceforge.net/lists/listinfo/ledger-smb-devel
>
------------------------------------------------------------------------------
Dominate Development with Jenkins Continuous Integration
Continuously Automate Build, Test & Deployment
Start a new project now. Try Jenkins in the cloud.
http://p.sf.net/sfu/13600_Cloudbees_APR
_______________________________________________
Ledger-smb-devel mailing list
..hidden..
https://lists.sourceforge.net/lists/listinfo/ledger-smb-devel
------------------------------------------------------------------------------ Put Bad Developers to Shame Dominate Development with Jenkins Continuous Integration Continuously Automate Build, Test & Deployment Start a new project now. Try Jenkins in the cloud. http://p.sf.net/sfu/13600_Cloudbees_APR
_______________________________________________ Ledger-smb-devel mailing list ..hidden.. https://lists.sourceforge.net/lists/listinfo/ledger-smb-devel