FreeBSD Manual Pages

OpenXPKI::Server::Authentication::X509(3)  User Contributed Perl Documentation  OpenXPKI::Server::Authentication::X509(3)

Name
       OpenXPKI::Server::Authentication::X509 - certificate based
       authentication.

Description
       Use a certificate chain passed by the authenticator to authenticate the
       user.  This is an abstract base class; the actual challenge and
       extraction of the chain are done in the ChallengeX509 and ClientX509
       classes. The subsequent validation performs several steps:

       * look up a suitable root certificate, either in the received chain or
         in the database.
       * do a cryptographic validation on the chain.
       * check if any of the certificates (entity, chain or root) is contained
         in the trust anchor list.

       Any failure results in an exception.

Functions
   _load_anchors
       Create a list of trust anchor identifiers from the configuration.

   login_step
       Returns a tuple of (user, role, response_message) for a given login
       step. Noop - needs to be implemented by the inheriting classes.

configuration
       Signature:
           type: ChallengeX509
           label: Signature
           description: I18N_OPENXPKI_CONFIG_AUTH_HANDLER_DESCRIPTION_SIGNATURE
           role:
               handler: @auth.roledb
               argument: dn
               default: ''
           # trust anchors
           realm:
           - my_client_auth_realm
           cacert:
           - cert_identifier of external ca cert

   parameters
       role.handler
           A connector that returns a role for a given user.

       role.argument
           Argument to use with the handler to query for a role. Supported
           values are cn (common name), subject, serial.

       role.default
           The default role to assign to a user if no result is found using
           the handler.  If you do not specify a handler but a default role,
           you get a static role assignment for any matching certificate.

       cacert
           A list of certificate identifiers to be used as trust anchors.

       realm
           A list of realm names to be used as trust anchors (this loads all
           CA certificates from the given realm into the list of trusted CA
           certs).
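
       The trust anchor check and the role parameters described above, as an
       added Python model that is not OpenXPKI code. It assumes the
       cryptographic chain validation has already succeeded; the identifiers,
       REALM_CA_CERTS, the callable handler and the error raised when no role
       is found are constructed assumptions.

```python
# Simplified model of the anchor check and role lookup; not OpenXPKI code.
# Assumes the cryptographic validation of the chain has already succeeded.

class AuthError(Exception):
    """Stands in for the exception raised on any failure."""

# Constructed sample data: CA certificate identifiers known per realm.
REALM_CA_CERTS = {"my_client_auth_realm": ["id-realm-root", "id-realm-issuing"]}

def load_anchors(config, realm_ca_certs=REALM_CA_CERTS):
    """Merge the 'cacert' identifiers with all CA certs of each 'realm'."""
    anchors = set(config.get("cacert", []))
    for realm in config.get("realm", []):
        anchors.update(realm_ca_certs.get(realm, []))
    return anchors

def check_anchor(chain_ids, anchors):
    """chain_ids is ordered entity, intermediates, root; any match suffices."""
    for cert_id in chain_ids:
        if cert_id in anchors:
            return cert_id
    raise AuthError("no certificate in the chain is a trust anchor")

def resolve_role(config, cert_attrs, handler=None):
    """Query the handler with role.argument, then fall back to role.default."""
    role_cfg = config.get("role", {})
    role = None
    if handler is not None:  # hypothetical callable standing in for a connector
        role = handler(cert_attrs[role_cfg["argument"]])
    if not role:
        role = role_cfg.get("default")
    if not role:
        # Assumption of this model: an empty role is treated as a failure.
        raise AuthError("no role found for certificate")
    return role

def authenticate(config, chain_ids, cert_attrs, handler=None):
    """Return (user, role, matched anchor identifier) or raise AuthError."""
    matched = check_anchor(chain_ids, load_anchors(config))
    return cert_attrs["subject"], resolve_role(config, cert_attrs, handler), matched
```

       With no handler and a non-empty default, every certificate whose chain
       touches an anchor receives the same role, so the anchor list alone
       decides who gets that role.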

perl v5.24.1			  201OpenXPKI::Server::Authentication::X509(3)
