On 26 May 2011, at 08:13, Slansky Lukas wrote:
> Our certificates contain DN that doesn't match username. It contains name and
> identification in UUID format. And that's the problem - I'm not able to write
> regular expression that translates DN into username. However I have DB table
> that I can query for this.
>
> It would be nice if we can use some script to postprocess usernames coming
> from X.509 auth or more generally from cosignd as whole. I'm thinking
> something like "factor scripts" but for usernames...

I'd suggest extending the "cert" keyword to give a script path instead of the "login" and "factor" fields. I'd probably pass the full set of SSL environment variables to the script (in particular, I'd be interested in SSL_CLIENT_CERT, which might contain more information than the DN). The script would return a "login" and "factor".

:wes

_______________________________________________
Cosign-discuss mailing list
https://lists.sourceforge.net/lists/listinfo/cosign-discuss
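
The mapping script proposed in the reply above could look like the following sketch. It is an added example, not part of the original thread and not cosign code: the script contract (SSL environment in, login and factor out), the `cert_users` table, the sample UUID and the `x509` factor name are all assumptions, while `SSL_CLIENT_VERIFY` and `SSL_CLIENT_S_DN` are mod_ssl's standard variables. It refuses to map anything that is unverified, ambiguous or unknown.

```python
import os
import re
import sqlite3

# Hypothetical contract: the mapper reads mod_ssl's SSL_CLIENT_* variables and
# yields (login, factor). The thread does not define an output format, so the
# "login factor" line printed at the bottom is an assumption.
UUID_RE = re.compile(
    r"\b[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}\b", re.I)
LOGIN_RE = re.compile(r"[a-z][a-z0-9_.-]{0,31}")

def sample_db():
    """Constructed in-memory table standing in for the poster's DB table."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE cert_users (cert_uuid TEXT PRIMARY KEY, login TEXT)")
    db.execute("INSERT INTO cert_users VALUES (?, ?)",
               ("3f2b8c1e-5d4a-4e6f-9a7b-0c1d2e3f4a5b", "jdoe"))
    return db

def uuid_from_dn(dn):
    """Return the single UUID embedded in the DN, or None if zero or several."""
    found = {m.lower() for m in UUID_RE.findall(dn)}
    return found.pop() if len(found) == 1 else None

def map_cert(env, db):
    """Map a verified client certificate to (login, factor); None means refuse."""
    if env.get("SSL_CLIENT_VERIFY") != "SUCCESS":
        return None  # never map a certificate the TLS layer did not verify
    cert_uuid = uuid_from_dn(env.get("SSL_CLIENT_S_DN", ""))
    if cert_uuid is None:
        return None  # no UUID, or more than one: ambiguous identity
    rows = db.execute(  # bound parameter: DN content never reaches the SQL text
        "SELECT login FROM cert_users WHERE cert_uuid = ?", (cert_uuid,)
    ).fetchall()
    if len(rows) != 1:
        return None  # unknown certificate: fail closed
    login = rows[0][0]
    if not LOGIN_RE.fullmatch(login):
        return None  # reject table values that are not plain usernames
    return login, "x509"  # factor name is an assumption

if __name__ == "__main__":
    result = map_cert(os.environ, sample_db())
    if result is None:
        raise SystemExit(1)  # non-zero exit: no login for this certificate
    print(*result)
```
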
