Главная   Изменения   Спек   Патчи   Исходники   Загрузить   Gear   Bugs and FR  Repocop 

<!doctype html public "-//w3c//dtd html 4.0 transitional//en">
<html>
<head>
   <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
   <meta name="GENERATOR" content="Mozilla/4.6 [en] (X11; I; Linux 2.2.9-23mdk i686) [Netscape]">
   <title>Test Page for Mandrake Linux's Apache Installation</title>
<!-- Background white, links blue (unvisited), navy (visited), red (active) -->
</head>
<body text="#000000" bgcolor="#FFFFFF" link="#0000FF" vlink="#000080" alink="#FF0000">

<center><a href="http://www.thawte.com/">
<img SRC="stamp.gif" BORDER=0></a>
</center>

<TITLE>About the Strong Extranet</TITLE>

<H1> About the Strong Extranet</H1>
<pre>
The Strong Extranet allows you to use digital certificates to authenticate
users on your web server.  Typically, your users enroll in your Strong
Extranet, under your control, through the Thawte Personal Cert System.

BENEFITS OF THE STRONG EXTRANET

  1. SXNet certificates contain usernames.  You can allocate these usernames
     to users as required, and your server will extract the username from the
     certificate when a user accesses your server.  Your CGI scripts can
     obtain the username in the same way they do so with password
     authentication, through the REMOTE_USER environment variable.

  2. Low cost of CA.  Thawte provides a full-server CA infrastructure for
     your Strong Extranet users for $1000 per year for up to 10 000 users.
     That's the lowest cost CA program, period.

  3. Full control and security.  Users are enrolled in your Strong Extranet
     under your full control.  There are several enrollment methods with
     different levels of security.  Choose the one which suits your business
     processes and requirements.

MORE INFORMATION

<A HREF="http://www.thawte.com/certs/strongextranet/">
http://www.thawte.com/certs/strongextranet/</A>

<HR>
USING THE MODULE:

   The module adds the following directives:

       AuthType           StrongExtranet
       SXNetZone          a number   (the zone number)
       SXNetGroupFile     /path/to/groups/file
       SXNetB64EncodeID   on/off

   "AuthType StrongExtranet" tells the server to use Strong Extranet
   Authentication in that directory. It's the equivalent of
   "AuthType Basic" or "AuthType Digest". Note that you need to
   have turned ON client certificate requesting, and set the CA
   details, as part of normal SSL configuration.

   The SXNetZone is a single integer.  It defines the zone in which
   the client has to have an ID in order to gain access to the directory.
   The Thawte ACME Test Zone is 2, so use that for demos.

   The SXNetGroupFile is a file that can be used to put users in groups,
   just like the standard Basic authentication mechanism.

   SXNetB64EncodeID allows you to have the ID base64 encoded before it
   is put into the REMOTE_USER CGI variable. Use this if your ID can be
   8-bit.

Example:

The following configuration snippet will setup the server to require
that client certs have the StrongExtranet extension, with an ID in
zone 23 embedded:

   <Directory />
   AuthType StrongExtranet
   AuthName Test Extranet
   SXNetB64EncodeID on
   SXNetZone 23
   SXNetGroupFile /etc/httpd/groups
   require valid-user
   </Directory>

</PRE>