Jan Pechanec wrote:
> those auxiliary files with various mapping information. Obviously
> some mappers wouldn't need such files, CN mapper for example.
Really, I am sorry to stress this point, but you should at least use CN+CA
to identify a user.
>> If so, then we also need to introduce a new tool (or maybe enhance an existing
[...]
>> If we create this "kmf_map_cert_to_username()" function, what would it
>> actually do? A process calling this may or may not be privileged enough
>> to update the mapping table
>
> kmf_map_cert_to_username() shall return a username or an error code.
[..]
What about integrating into a PAM module? I think that this function is
not (should not be) included in KMF. Instead, as it is more a user auth
issue, IMHO this function should be provided by a PAM module (that will
make use of KMF).
--
Best Regards,
Massimiliano Pala
--o------------------------------------------------------------------------
Massimiliano Pala [OpenCA Project Manager] pala at cs.dartmouth.edu
project.manager at openca.org
Dartmouth Computer Science Dept Home Phone: +1 (603) 397-3883
PKI/Trust - Office 063 Work Phone: +1 (603) 646-9179
--o------------------------------------------------------------------------
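
The CN+CA point raised in the message above, as an added example that is not part of the original message and is not KMF code: a mapper keyed on the subject CN alone accepts a certificate from any CA that issues the same CN, while one keyed on (issuer DN, CN) does not. All function names, DN strings and mapping tables are constructed for illustration, and the certificate chain is assumed to have been validated before mapping.

```python
import re
from typing import Optional

def parse_dn(dn: str) -> tuple:
    """Split an RFC 4514-style DN string into normalized (type, value) pairs.
    Simplified: handles backslash-escaped commas, not hex or quoted forms."""
    pairs = []
    for rdn in re.split(r'(?<!\\),', dn):        # commas that are not escaped
        attr, _, value = rdn.partition('=')
        value = re.sub(r'\\(.)', r'\1', value.strip())   # drop escape backslashes
        pairs.append((attr.strip().lower(), ' '.join(value.split()).casefold()))
    return tuple(pairs)

def common_name(subject_dn: str) -> Optional[str]:
    """Return the single CN of a subject DN; refuse a missing or repeated CN."""
    cns = [v for t, v in parse_dn(subject_dn) if t == 'cn']
    return cns[0] if len(cns) == 1 else None

def map_cn_only(subject_dn: str, table: dict) -> Optional[str]:
    """Weak mapper: the issuer is never consulted."""
    return table.get(common_name(subject_dn))

def map_issuer_and_cn(issuer_dn: str, subject_dn: str, table: dict) -> Optional[str]:
    """CN+CA mapper: the key includes the normalized issuer DN."""
    cn = common_name(subject_dn)
    if cn is None:
        return None
    return table.get((parse_dn(issuer_dn), cn))

# Constructed mapping tables (hypothetical site configuration).
CN_TABLE = {"jdoe": "jdoe"}
ISSUER_CN_TABLE = {(parse_dn("CN=Example Corp CA, O=Example Corp"), "jdoe"): "jdoe"}

# Constructed certificates as (issuer DN, subject DN) pairs.
SITE_CERT = ("CN=Example Corp CA,O=Example Corp", "CN=jdoe,OU=Staff,O=Example Corp")
OTHER_CERT = ("CN=Some Other CA,O=Elsewhere", "CN=JDoe,O=Elsewhere")

if __name__ == "__main__":
    for issuer, subject in (SITE_CERT, OTHER_CERT):
        print(issuer, "->",
              "cn-only:", map_cn_only(subject, CN_TABLE),
              "| issuer+cn:", map_issuer_and_cn(issuer, subject, ISSUER_CN_TABLE))
```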