How to prompt user for password

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|

How to prompt user for password

michael Dorrian
I am not talking about the pem pass phrase here. I want a last line of authentication from the client. I want the server to have a list of common names of clients it trusts. With these client names also a client password will be stored on the server side. At runtime the server asks for this password before the ssl connection can be opened. Also the user name is got from the client certificates common name. How is this usually done and is there a function that does this?.


Blab-away for as little as 1¢/min. Make PC-to-Phone Calls using Yahoo! Messenger with Voice.
Reply | Threaded
Open this post in threaded view
|

Re: How to prompt user for password

Kyle Hamilton
You can't do this in the current implementation of TLS -- a "password"
that is checked per-session is an application-layer issue, not a
protocol-layer issue.  It's handled on webservers by either having
them require Basic authentication even after a successful SSL/TLS
handshake (possibly including client certificate), and then it's
re-sent on every connection that requires that realm.

-Kyle H

On 4/2/06, michael Dorrian <[hidden email]> wrote:

> I am not talking about the pem pass phrase here. I want a last line of
> authentication from the client. I want the server to have a list of common
> names of clients it trusts. With these client names also a client password
> will be stored on the server side. At runtime the server asks for this
> password before the ssl connection can be opened. Also the user name is got
> from the client certificates common name. How is this usually done and is
> there a function that does this?.
>
>  ________________________________
> Blab-away for as little as 1¢/min. Make PC-to-Phone Calls using Yahoo!
> Messenger with Voice.
>
>
>
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]