From 149901047cfa0fe4a729862261ae9b948be971c4 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Pavel=20K=C3=A1cha?= <ph@cesnet.cz>
Date: Fri, 30 Jun 2017 14:29:29 +0200
Subject: [PATCH] Added new authenticators into README

---
 warden3/warden_server/README | 15 +++++++++++++--
 1 file changed, 13 insertions(+), 2 deletions(-)

diff --git a/warden3/warden_server/README b/warden3/warden_server/README
index 8438d13..a3b835e 100644
--- a/warden3/warden_server/README
+++ b/warden3/warden_server/README
@@ -123,7 +123,8 @@ particular implementation object of the aspect, for example type of logger
 
 		Log: FileLogger, SysLogger
 		DB: MySQL
-		Auth: X509Authenticator, PlainAuthenticator
+		Auth: X509Authenticator, X509NameAuthenticator,
+              X509MixMatchAuthenticator,PlainAuthenticator
 		Validator: JSONSchemaValidator, NoValidator
 		Handler: WardenHandler
 
@@ -144,7 +145,17 @@ object from particular section list is used ("FileLogger" for example).
 
    X509Authenticator: authenticate based on certificate chain validation,
        hostname corresponding with certificate CN or SubjectAltName and
-       optionally shared secret
+       optionally shared secret (note that more clients on one machine
+       will have to have the certificate with the same hostname, clients
+       than can be differentiated by separate secrets).
+       This method is OBSOLETE.
+
+    X509NameAuthenticator: authenticate based on certificate chain validation,
+        certificate CN must correspond with client _name_, NOT hostname.
+
+    X509MixMatchAuthenticator: automatically choose X509Authenticator or
+        X509NameAuthenticator based on existence of 'secret' in query. Allows
+        for seamless transition of clients between two authentication methods.
 
    PlainAuthenticator: authenticate based on client name or shared secret, usable
       over plain HTTP connection or HTTPS without client certificate - note that
-- 
GitLab