[Xastir] https server is now operational
Tom Hayward
esarfl at gmail.com
Wed Jun 25 17:25:26 EDT 2014
On Wed, Jun 25, 2014 at 2:07 PM, Curt, WE7U <curt.we7u at gmail.com> wrote:
> On Thu, 26 Jun 2014, Liz wrote:
>> We shouldn't prevent non-hams from signing up and contributing.
>
> As I understand it it's an either-or. If people have the certificate then
> they're authenticated w/o having to go through the captcha or even the login
> procedure. If they're not, then the login/password and Captcha's will
> suffice.
Yes, this is accurate. Password authentication can be used alongside
certificate authentication. Both mechanisms simply tell MediaWiki
"this browser belongs to XXXXX". The caveat is that certificate
authentication is a web server setting, so you probably want a port
dedicated to certificate authentication, leaving port 443 configured
for standard HTTPS + password auth users.
If certificate authentication is a must-have, you can allow
certificates from multiple CAs. The ARRL just happens to run a
reasonable free CA, so that was my first choice. If we wanted to
require 100% certificate authentication, we could create our own CA to
sign certs for the few Xastir users without amateur radio licenses.
Tom KD7LXL
More information about the Xastir
mailing list