On Mon, Dec 14, 2009 at 8:03 PM, Christos Triantafyllidis <ct...@grid.auth.gr> wrote: > Hi all and welcome me to the list :), > > i'm using koji since a few week and i needed X509 authentication. > Unfortunately current support for x509 was limited to: > a) Use of the CN part only from the subject DN as the username > Although traditionally CN can be the "username" of the user there are cases > (like in our PKI) where CN is just "Christos Triantafyllidis" and of course > many users can have the same name but different DNs. To avoid this but also > keep the backwards compatibility i have introduced a new variable to be > exported by both apache config (for git-web) and hub.conf (for the rest of > the tools) called EnvVarForUserName which defines which variable to use as > Username. For my case i have "EnvVarForUserName = SSL_CLIENT_S_DN" which > uses the whole DN as username.
What did you do about the email address? It normally uses c...@configured.org I should look at the patch of course. Steve > > b) Keep asking the user to provide their pass-phrase many times for the the > same operation > This leads (IMHO) many users to use password-less certificates. > Unfortunately this is not acceptable according to our PKI policy so i added > a callback to cache the passphrase within each koji execution. > > I have created some patches to both this limitations and i have uploaded > the to my git repository[1]. Feel free to use/clone them. > > Best regards, > Christos Triantafyllidis > > [1] http://git.afroditi.hellasgrid.gr/git/grid.auth.gr/koji.git > -- > Fedora-buildsys-list mailing list > Fedora-buildsys-list@redhat.com > https://www.redhat.com/mailman/listinfo/fedora-buildsys-list > -- Steve Traylen -- Fedora-buildsys-list mailing list Fedora-buildsys-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-buildsys-list
