This project is not covered by Drupal’s security advisory policy.

In Brief
This module uses emcSSL technology to provide a secure login without passwords. The key feature of emcSSL is that it is fully decentralized and distributed.

Technology
The login is based on EmerCoin cryptocurrency blockchain, using the blockchain as a decentralized trust store of hash sums for client SSL-certificates. Certificates can be generated by clients locally, without any central authority, and quickly replaced as needed.

The uniqueness of emcSSL is in the complete decentralization of the system, i.e. the lack of a group of servers running under a single authorization (as used in the systems of Kerberos, OpenID, TeddyID and the like). As a result, it is not possible for emcSSL to suffer system-wide service disruption either due to technical failure or malicious attack upon authorization servers. In addition, it is not possible for a user to have their accounts globally suspended at the whim of a single authority. emcSSL cannot be censored.

Apart from login, the module provides automated user profile generation via InfoCard system. It works in conjunction with emcSSL.

Features
emcSSL module adds a button to standard Drupal login page and blocks. After a user clicks this button his emcSSL certificate is checked and if it passes authentication, a new Drupal session is initiated. Currently any user is logged in as the emcssl user. To end the session use the standard Drupal logout button/link.

Installation and Settings

  • Install EMC wallet on the server.
  • Set up Apache to request emcSSL certificate from users (see below).
  • Download and enable the emcSSL module. It does not have dependencies on other Drupal modules.
  • In emcSSL settings at emcssl/settings
    • toggle emcSSL authentication on
    • choose http to connect to the EMC wallet
    • User Name and Password are from your EMC wallet
    • Host is localhost if you running Drupal and wallet on the same host
    • Default wallet port is 8775
    • Infocard Cache Path is the path on your system accessible to Apache (or other web server you are running)

    Apache Settings to Request Client Certificate

    1. SSL module must be enabled in Apache
    2. in the host-ssl.conf file add:
    3. <IfModule mod_ssl.c>
      	<VirtualHost *:443>
      		ServerAdmin webmaster@localhost
                      ServerName host
                      ServerAlias host
      		DocumentRoot /var/www/html/host
                      <Directory "/var/www/html/host">
                      Options FollowSymLinks
                               AllowOverride All
                               Order allow,deny
                               allow from all
              SSLOptions +StdEnvVars +ExportCertData
              SSLVerifyClient optional_no_ca 
              SSLVerifyDepth 1
                      </Directory> 
      
      #....  
      		SSLEngine on
      
      		#   A self-signed (snakeoil) certificate can be created by installing
      		#   the ssl-cert package. See
      		#   /usr/share/doc/apache2/README.Debian.gz for more info.
      		#   If both key and certificate are stored in the same file, only the
      		#   SSLCertificateFile directive is needed.
      	SSLCertificateFile	/etc/ssl/certs/hostssl_ca.crt
              SSLCertificateKeyFile /etc/ssl/private/hostssl_ca.key
      
              #....         
      
      	</VirtualHost>
      </IfModule>
    4. place X509 certificate and key at the filepaths
    5. /etc/ssl/certs/hostssl_ca.crt
      /etc/ssl/private/hostssl_ca.key

    6. restart Apache

    Note that the actual Apache settings may vary with Apache Version and the rest of the settings.

Supporting organizations: 
design and development

Project information

  • Module categories: Security
  • chart icon529 downloads
  • shield alertThis project is not covered by the security advisory policy.
    Use at your own risk! It may have publicly disclosed vulnerabilities.

Downloads