I realize that this isn't the appropriate use of a service cert. But here's my problem. I'm setting up a node in a conference room where people are used to logging in on the conference room machine with their own ID. Until such time as I (or someone) can modify the certificate system in such a way that it pays attention, for instance, to certificates already installed in IE (for example), or in Exchange/Outlook, having to require that all users have/acquire a certificate is an unworkable situation. So, right now, it's either a service cert, or telling everybody the password to the node.
I'm dealing, unfortunately at an executive level here, and impediments like having to acquire a certificate can become another reason not to adopt the technology.

The restrictions in the authorization policy only apply if you have set up some rules for the particular venue, though - right? I haven't had any problem in my initial tests in entering venues.

There is also the issue, which I believe is already do-able, but I haven't amassed the spare cycles to test, of having this whole system run using our own CA and our own certificates.

-randy

At 09:47 PM 4/15/2004, Ivan R. Judson wrote:
>Password less certificates don't use proxies, so proxy lifetime doesn't
>matter. However, certificate validity does (it's generally 12 months).
>
>As an aside, service certificates are not intended to be used by users as
>identity certificates, there may well be parts of the authorization policy
>that specifically exclude services from some operations (like Enter).
>
>--Ivan
>
> > -----Original Message-----
> > From: owner-ag-t...@mcs.anl.gov
> > [mailto:owner-ag-t...@mcs.anl.gov] On Behalf Of Randy Groves
> > Sent: Thursday, April 15, 2004 9:47 PM
> > To: ag-t...@mcs.anl.gov
> > Subject: [AG-TECH] Life of 'service' cert
> >
> > If you use a 'service' cert (a host-type cert with no
> > password) for a venue client on a node - is there a lifetime
> > attached to the proxy? Or does it last forever?
> >
> > Same question on using these type of certs for a venue server.
> >
> > -randy