From 149901047cfa0fe4a729862261ae9b948be971c4 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Pavel=20K=C3=A1cha?= <ph@cesnet.cz> Date: Fri, 30 Jun 2017 14:29:29 +0200 Subject: [PATCH] Added new authenticators into README --- warden3/warden_server/README | 15 +++++++++++++-- 1 file changed, 13 insertions(+), 2 deletions(-) diff --git a/warden3/warden_server/README b/warden3/warden_server/README index 8438d13..a3b835e 100644 --- a/warden3/warden_server/README +++ b/warden3/warden_server/README @@ -123,7 +123,8 @@ particular implementation object of the aspect, for example type of logger Log: FileLogger, SysLogger DB: MySQL - Auth: X509Authenticator, PlainAuthenticator + Auth: X509Authenticator, X509NameAuthenticator, + X509MixMatchAuthenticator,PlainAuthenticator Validator: JSONSchemaValidator, NoValidator Handler: WardenHandler @@ -144,7 +145,17 @@ object from particular section list is used ("FileLogger" for example). X509Authenticator: authenticate based on certificate chain validation, hostname corresponding with certificate CN or SubjectAltName and - optionally shared secret + optionally shared secret (note that more clients on one machine + will have to have the certificate with the same hostname, clients + than can be differentiated by separate secrets). + This method is OBSOLETE. + + X509NameAuthenticator: authenticate based on certificate chain validation, + certificate CN must correspond with client _name_, NOT hostname. + + X509MixMatchAuthenticator: automatically choose X509Authenticator or + X509NameAuthenticator based on existence of 'secret' in query. Allows + for seamless transition of clients between two authentication methods. PlainAuthenticator: authenticate based on client name or shared secret, usable over plain HTTP connection or HTTPS without client certificate - note that -- GitLab
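Review bot: In the first hunk (README line 123), the added continuation line reads "X509MixMatchAuthenticator,PlainAuthenticator" with no space after the comma, while every other entry in the Log/DB/Auth/Validator list is separated by ", ". Suggest "X509MixMatchAuthenticator, PlainAuthenticator" so the list stays consistent and the names are easy to copy into a config.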
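Review bot: In the second hunk (README line 144), the X509MixMatchAuthenticator paragraph does not say that the choice between the two methods is driven by whether the client's query contains 'secret'. That means the X509Authenticator path, which the same hunk marks OBSOLETE, stays reachable for as long as MixMatch is configured. Suggest adding a sentence that MixMatch is meant for the transition period only and that the server should be switched to X509NameAuthenticator once all clients have certificates whose CN matches the client name. It would also help to state next to "This method is OBSOLETE." which authenticator replaces it. Minor wording in the same hunk: "clients than can be differentiated" should read "clients then can be differentiated".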