Skip to Content.
Sympa Menu

perfsonar-user - Re: [perfsonar-user] mTLS for perfSONAR

Subject: perfSONAR User Q&A and Other Discussion

List archive

Re: [perfsonar-user] mTLS for perfSONAR


Chronological Thread 
    < Chronological >      < Thread >
  • From: Mark Feit <>
  • To: Zachary Newell <>, "" <>
  • Subject: Re: [perfsonar-user] mTLS for perfSONAR
  • Date: Wed, 17 May 2023 21:50:55 +0000
  • Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=internet2.edu; dmarc=pass action=none header.from=internet2.edu; dkim=pass header.d=internet2.edu; arc=none
  • Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=UsGnvejbUIovD8/FFV0eiiDz5U6EqHM3hMnqg9ZXGjs=; b=D5jj5ezZ4jhYA1qIHUofM41e2ow0KQ7kxiTt9vjRIq1eggm/uGnNe3RDSTNOb/7125SyMn25l+EoEWnmjQExYF3X6Cn8Pro1CQFf6ejLYu7Y7vmDKThEXTVu+mvPu8waquw0XV/s4rj5uJzt96pWlEe/fsPaG0XDvqj9KlPN/hw0+/J8EFKKDznHou1U4s0Y82PMMMDLASwI+iF5iJW7pexyQ3Cwm+DVLTqwXNP8IiuDfpfVZGOeMSXz8t/wrknxUxGHcKrjKF0p/Gw97KLr3ZbAnQX1/wzptI/PIjFL34dlaEt4fV7HmlIbK3Ab9uY78sGH4K93MyDZXPpYciOw8w==
  • Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=l01e8elrczj39y8+2dEE9wNTlIzM9ikgjeOpxBtVorm6S5zAHPHkLd6XD0gzOIRGc26105tlKNlz6PKlkZIC/e1F0JXrSukuWdqfv1TMP6z0dbiV+Qmph1SEBg48RFHI2Ga3hSg8v6Ys9OjiyjC+X6uz4btjnu3cvl/HpPyPJcKmoQaWa8mgYR8BPRdrYqZbMixCmimrW4agMnx0G4Z26JnauDUl3CyMn4txttMe3GDYRn5FTvVsoytyteYg7NJDQ2eBXDxiuKPvfco31BNI6RiHXAdpRzGB1qWnOqaX3y16chUzp9JkXVUsnTPCXWLYbZ5W7gvoOB3MYXuNeNQAtg==

Zachary Newell writes:

 

I wanted to ask about the possibility of using mTLS instead of HTTP Basic or the Apache “require ip $IP” for authentication. Is anyone currently using mTLS for perfSONAR authentication? Are there any issues?

 

I don’t know of anyone doing that, but there’s nothing special about perfSONAR’s Apache configuration, which could be modified to do it like any other.

 

The only issue is that the configuration for the toolkit’s corner of Apache is maintained by the toolkit packages.  I’d have to look and see how that’s managed, but it would come down to that file getting clobbered during every upgrade or new changes we make having to be manually merged into yours.

 

--Mark

 

 

 

 


Archive powered by MHonArc 2.6.24.

Top of Page