Anders Rundgren <anders.rundg...@telia.com> wrote: > I can't say I fullu understand what you want to do. > Would you use TLS client-cert-auth to the proxy and then let the > application based on received cert do a popCR? > Are we talking javascript or native code?
Here is the thing: brower ---> unprivileigied web app ---> LDAP directory For password authentications, no problem: the web app just hands the password to the LDAP directory and get an authenticated BIND on behalf of the user. Now the question is how to reproduce that with certificate authentication? The idea is to implement a new authenication method (through an SASL plugin): the LDAP directory would send a popChallengeResponse, and the brower could answer it (javascript code). The answer goes back to the LDAP directory, and here you are. -- Emmanuel Dreyfus http://hcpnet.free.fr/pubz m...@netbsd.org -- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
