On Tue, 2 Nov 1999, Jeffrey Altman wrote:
> (sorry about the null message.)
>
> I am looking for a summary of people's experiences with using client
> certs to authenticate end users to Unix services.
>
> How are you mapping a client cert to a local Unix account name?
>
> Are you using a field within the cert? If so, which one(s)? Are
> different fields used for different services?
>
> Or are you using some form of Certificate Mapping Service which takes
> a validated cert as input and returns a local account name? If so,
> how are you implementing this service?
>
> Are you issuing a single cert for multiple services? Or one cert per
> service?
>
> Thanks.

I'm just mapping public keys (which you can extract from any certificate,
whoever signed it) to user-ids. This mapping is stored in a SQL database
containing additional data, like what services the user can use, which URLs
(s)he can access and the like.

I've been using this approach for more than 2 years (now with approx. 1600 real
users) and it works very well.

Regards,
Franco
>
>
>
> Jeffrey Altman * Sr.Software Designer * Kermit-95 for Win32 and OS/2
> The Kermit Project * Columbia University
> 612 West 115th St #716 * New York, NY * 10025
> http://www.kermit-project.org/k95.html * [EMAIL PROTECTED]
>
>
> ______________________________________________________________________
> OpenSSL Project http://www.openssl.org
> User Support Mailing List [EMAIL PROTECTED]
> Automated List Manager [EMAIL PROTECTED]
>
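
One way to implement the key-to-user-id mapping described in the reply above, as an added example that is not code from the thread: the SubjectPublicKeyInfo is cut out of the DER certificate, hashed, and looked up in a SQL table of user-ids and permitted services. The schema, the function names and the unsigned sample certificate are assumptions constructed for illustration, and the lookup is only meaningful once the TLS layer has verified that the peer holds the matching private key.

```python
import hashlib
import sqlite3

def read_tlv(buf, pos):  # -> (tag, body_start, end) of the DER element at pos
    tag, length, body = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length, body = int.from_bytes(buf[body:body + n], "big"), body + n
    if body + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, body, body + length

def key_id(cert_der):
    """SHA-256 of the certificate's SubjectPublicKeyInfo; the issuer plays no part."""
    _, start, _ = read_tlv(cert_der, 0)           # Certificate
    _, pos, tbs_end = read_tlv(cert_der, start)   # TBSCertificate
    tag, _, nxt = read_tlv(cert_der, pos)
    pos = nxt if tag == 0xA0 else pos             # skip the optional [0] version
    for _ in range(5):  # serial, signature algorithm, issuer, validity, subject
        _, _, pos = read_tlv(cert_der, pos)
    tag, _, end = read_tlv(cert_der, pos)
    if tag != 0x30 or end > tbs_end:
        raise ValueError("SubjectPublicKeyInfo not found")
    return hashlib.sha256(cert_der[pos:end]).hexdigest()

def open_db():  # hypothetical schema: key -> user-id, user-id -> allowed services
    db = sqlite3.connect(":memory:")
    db.executescript("CREATE TABLE keys(key_id TEXT PRIMARY KEY, user_id TEXT NOT NULL);"
                     "CREATE TABLE grants(user_id TEXT, service TEXT);")
    return db

def enroll(db, cert_der, user_id, services):
    db.execute("INSERT INTO keys VALUES (?, ?)", (key_id(cert_der), user_id))
    db.executemany("INSERT INTO grants VALUES (?, ?)", [(user_id, s) for s in services])

def authorize(db, cert_der, service):
    """Return the user-id mapped to this key if it may use the service, else None."""
    row = db.execute("SELECT k.user_id FROM keys k JOIN grants g ON g.user_id = k.user_id "
                     "WHERE k.key_id = ? AND g.service = ?", (key_id(cert_der), service)).fetchone()
    return row[0] if row else None

def tlv(tag, body):  # minimal DER encoder for the constructed sample (bodies < 256 bytes)
    n = len(body)
    return bytes([tag]) + (bytes([n]) if n < 0x80 else bytes([0x81, n])) + body

def sample_cert(issuer, public_key):  # constructed, unsigned, cert-shaped DER; demo only
    spki = tlv(0x30, tlv(0x30, b"") + tlv(0x03, b"\x00" + public_key))
    tbs = tlv(0x30, tlv(0xA0, tlv(0x02, b"\x02")) + tlv(0x02, b"\x01") + tlv(0x30, b"")
              + tlv(0x30, tlv(0x0C, issuer)) + tlv(0x30, b"") + tlv(0x30, tlv(0x0C, b"alice")) + spki)
    return tlv(0x30, tbs + tlv(0x30, b"") + tlv(0x03, b"\x00"))
```

In a Python server the DER input would come from `ssl.SSLSocket.getpeercert(binary_form=True)` after the handshake. Two certificates from different issuers over the same key resolve to the same user-id, so revoking access means deleting the row for that key.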