I am going to set up a cert. auth scheme in using Spring Security 3. I understand I use the client certifiicate's DN to authenticate. But what is expected in the returned UserDetails object? There is no password to compare. What would be in the password attribute? I am new to this subject so please ask me to clarify if this doesn't make sense.