From c20f5ff50a0d63d022ca40e4a7f2a282a1f7805e Mon Sep 17 00:00:00 2001
From: Edward Z Yang <ezyang@mit.edu>
Date: Tue, 31 Jul 2012 11:30:23 -0400
Subject: [PATCH] Import from TextPattern

---
 faq/129.mdwn | 36 ++++++++++++++++++++++++++++++++++++
 1 file changed, 36 insertions(+)
 create mode 100644 faq/129.mdwn

diff --git a/faq/129.mdwn b/faq/129.mdwn
new file mode 100644
index 0000000..0db9c31
--- /dev/null
+++ b/faq/129.mdwn
@@ -0,0 +1,36 @@
+[[!meta title="How do I authenticate users with certificates?"]]
+Please note that this method requires **all** users to authenticate
+with certificates. Password login is disabled.
+
+\1) Configure your site for certificate authentication. For
+ example, if you just want to make your site accessible to any MIT
+ user with certificates, add the following to `.htaccess` in your
+ wiki directory:
+
+    AuthType SSLCert
+    Require valid-user
+    ErrorDocument 401 /__scripts/needcerts
+
+For further information and options, including restricting access
+to specific people, see our full
+[FAQ on certificate authentication on scripts.](http://scripts.mit.edu/faq/15/)
+
+\2) Install
+ [SSLAuthPlugin.php](http://www.mediawiki.org/wiki/Extension:SSL_authentication#SSLAuthPlugin.php_.28MW_1.15.29)
+ from the MediaWiki project.
+
+\3) Add the following to `LocalSettings.php`:
+
+    require_once('extensions/SSLAuthPlugin.php');
+    $ssl_map_info = true;
+    $ssl_RN = $_SERVER['SSL_CLIENT_S_CN'];
+    $ssl_UN = $_SERVER['SSL_CLIENT_S_DN_Email'];
+    $atmit = '@mit.edu'; $atmit_len = strlen($atmit);
+    if ( strcasecmp( $atmit, substr($ssl_UN,-$atmit_len) ) == 0 )
+      $ssl_UN = substr($ssl_UN, 0, -$atmit_len);
+    $ssl_UN = str_replace('_', ' ', $ssl_UN);
+    $ssl_email = $_SERVER['SSL_CLIENT_S_DN_Email'];
+    SSLAuthSetup();
+
+
+
-- 
2.44.0