<!doctype html public "-//w3c//dtd html 4.0 transitional//en"> <html> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <meta name="GENERATOR" content="Mozilla/4.6 [en] (X11; I; Linux 2.2.9-23mdk i686) [Netscape]"> <title>Test Page for Mandrake Linux's Apache Installation</title> <!-- Background white, links blue (unvisited), navy (visited), red (active) --> </head> <body text="#000000" bgcolor="#FFFFFF" link="#0000FF" vlink="#000080" alink="#FF0000"> <center><a href="http://www.thawte.com/"> <img SRC="/icons/stamp.gif" BORDER=0></a> </center> <TITLE>About the Strong Extranet</TITLE> <H1> About the Strong Extranet</H1> <pre> The Strong Extranet allows you to use digital certificates to authenticate users on your web server. Typically, your users enroll in your Strong Extranet, under your control, through the Thawte Personal Cert System. BENEFITS OF THE STRONG EXTRANET 1. SXNet certificates contain usernames. You can allocate these usernames to users as required, and your server will extract the username from the certificate when a user accesses your server. Your CGI scripts can obtain the username in the same way they do so with password authentication, through the REMOTE_USER environment variable. 2. Low cost of CA. Thawte provides a full-server CA infrastructure for your Strong Extranet users for $1000 per year for up to 10 000 users. That's the lowest cost CA program, period. 3. Full control and security. Users are enrolled in your Strong Extranet under your full control. There are several enrollment methods with different levels of security. Choose the one which suits your business processes and requirements. MORE INFORMATION <A HREF="CHANGES">CHANGES</A> <A HREF="COPYRIGHT">COPYRIGHT</A> <A HREF="LICENCE">LICENCE</A> <BR> <A HREF="http://www.thawte.com/certs/strongextranet/"> http://www.thawte.com/certs/strongextranet/</A> <HR> USING THE MODULE: The module adds the following directives: AuthType StrongExtranet SXNetZone a number (the zone number) SXNetGroupFile /path/to/groups/file SXNetB64EncodeID on/off "AuthType StrongExtranet" tells the server to use Strong Extranet Authentication in that directory. It's the equivalent of "AuthType Basic" or "AuthType Digest". Note that you need to have turned ON client certificate requesting, and set the CA details, as part of normal SSL configuration. The SXNetZone is a single integer. It defines the zone in which the client has to have an ID in order to gain access to the directory. The Thawte ACME Test Zone is 2, so use that for demos. The SXNetGroupFile is a file that can be used to put users in groups, just like the standard Basic authentication mechanism. SXNetB64EncodeID allows you to have the ID base64 encoded before it is put into the REMOTE_USER CGI variable. Use this if your ID can be 8-bit. Example: The following configuration snippet will setup the server to require that client certs have the StrongExtranet extension, with an ID in zone 23 embedded: <Directory /> AuthType StrongExtranet AuthName Test Extranet SXNetB64EncodeID on SXNetZone 23 SXNetGroupFile /etc/httpd/groups require valid-user </Directory> </PRE>