This project is not covered by Drupal’s security advisory policy.
This module uses emcSSL technology to provide a secure login without passwords. The key feature of emcSSL is that it is fully decentralized and distributed.
The login is based on EmerCoin cryptocurrency blockchain, using the blockchain as a decentralized trust store of hash sums for client SSL-certificates. Certificates can be generated by clients locally, without any central authority, and quickly replaced as needed.
The uniqueness of emcSSL is in the complete decentralization of the system, i.e. the lack of a group of servers running under a single authorization (as used in the systems of Kerberos, OpenID, TeddyID and the like). As a result, it is not possible for emcSSL to suffer system-wide service disruption either due to technical failure or malicious attack upon authorization servers. In addition, it is not possible for a user to have their accounts globally suspended at the whim of a single authority. emcSSL cannot be censored.
Apart from login, the module provides automated user profile generation via InfoCard system. It works in conjunction with emcSSL.
emcSSL module adds a button to standard Drupal login page and blocks. After a user clicks this button his emcSSL certificate is checked and if it passes authentication, a new Drupal session is initiated. Currently any user is logged in as the emcssl user. To end the session use the standard Drupal logout button/link.
Installation and Settings
- Install EMC wallet on the server.
- Set up Apache to request emcSSL certificate from users (see below).
- Download and enable the emcSSL module. It does not have dependencies on other Drupal modules.
- In emcSSL settings at emcssl/settings
- toggle emcSSL authentication on
- choose http to connect to the EMC wallet
- User Name and Password are from your EMC wallet
- Host is localhost if you running Drupal and wallet on the same host
- Default wallet port is 8775
- Infocard Cache Path is the path on your system accessible to Apache (or other web server you are running)
Apache Settings to Request Client Certificate
- SSL module must be enabled in Apache
- in the host-ssl.conf file add:
- place X509 certificate and key at the filepaths
- restart Apache
<IfModule mod_ssl.c> <VirtualHost *:443> ServerAdmin webmaster@localhost ServerName host ServerAlias host DocumentRoot /var/www/html/host <Directory "/var/www/html/host"> Options FollowSymLinks AllowOverride All Order allow,deny allow from all SSLOptions +StdEnvVars +ExportCertData SSLVerifyClient optional_no_ca SSLVerifyDepth 1 </Directory> #.... SSLEngine on # A self-signed (snakeoil) certificate can be created by installing # the ssl-cert package. See # /usr/share/doc/apache2/README.Debian.gz for more info. # If both key and certificate are stored in the same file, only the # SSLCertificateFile directive is needed. SSLCertificateFile /etc/ssl/certs/hostssl_ca.crt SSLCertificateKeyFile /etc/ssl/private/hostssl_ca.key #.... </VirtualHost> </IfModule>
Note that the actual Apache settings may vary with Apache Version and the rest of the settings.
- Maintenance status: Actively maintained
- Development status: Under active development
- Module categories: Security
- Downloads: 476
- Last modified: 18 August 2015
- This project is not covered by the security advisory policy.
Use at your own risk! It may have publicly disclosed vulnerabilities.