Hi all
For the archives: isakmpd.policy for authenticating users by their
certificates' subjects (ASN1 DNs):

KeyNote-Version: 2
Authenticator: "POLICY"
Licensees: "DN:/C=CH/O=My Org/CN=My Org's CA Cert Subject"
Conditions: app_domain == "IPsec policy" &&
    doi == "ipsec" &&
    esp_present == "yes" &&
    esp_enc_alg != "null" &&
    remote_id_type == "ASN1 DN" &&
    (
      remote_id == "/C=CH/CN=John Doe/[EMAIL PROTECTED]/O=My Org" ||
      remote_id == "/C=CH/CN=Jane Doe/[EMAIL PROTECTED]/O=My Org"
    ) -> "true";

KeyNote-Version: 2
Authenticator: "POLICY"
Licensees: "DN:/CN=Some other CA Cert Subject"
Conditions: app_domain == "IPsec policy" &&
    doi == "ipsec" &&
    esp_present == "yes" &&
    esp_enc_alg != "null" &&
    remote_id_type == "ASN1 DN" &&
    (
      remote_id == "/CN=Some Body/[EMAIL PROTECTED]" ||
      remote_id == "/CN=Any One/[EMAIL PROTECTED]"
    ) -> "true";

Don't put anything (comments, blank lines ...) before the first line. It
will silently just not work.
enjoy
/markus
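
An added example, not part of the original post and not isakmpd code: a small Python audit that checks a policy file for the first-line pitfall described above and lists which subject DNs each CA licensee is allowed to vouch for. The function name, the sample policy and its names are constructed, and it assumes assertions are separated by blank lines.

```python
import re

# Constructed sample in the layout of the policy above; all names are made up.
SAMPLE = '''KeyNote-Version: 2
Authenticator: "POLICY"
Licensees: "DN:/C=CH/O=Example Org/CN=Example CA"
Conditions: app_domain == "IPsec policy" &&
    remote_id_type == "ASN1 DN" &&
    (
      remote_id == "/C=CH/CN=Alice Example/O=Example Org" ||
      remote_id == "/C=CH/CN=Bob Example/O=Example Org"
    ) -> "true";

KeyNote-Version: 2
Authenticator: "POLICY"
Licensees: "DN:/CN=Second Example CA"
Conditions: app_domain == "IPsec policy" &&
    remote_id_type == "ASN1 DN" &&
    remote_id == "/CN=Carol Example" -> "true";
'''


def audit_policy(text):
    """Return (problems, {CA subject DN: [remote_id DNs listed under it]})."""
    problems, allowed = [], {}
    # The pitfall from the post: nothing may precede the first assertion line.
    if not text.startswith("KeyNote-Version:"):
        problems.append("file does not start with KeyNote-Version:")
    # Assumption: assertions are separated by blank lines.
    for n, block in enumerate(re.split(r"\n\s*\n", text.strip()), 1):
        lic = re.search(r'^Licensees:\s*"DN:([^"]*)"', block, re.M)
        if lic is None:
            problems.append(f"assertion {n}: no DN licensee found")
            continue
        ids = re.findall(r'remote_id\s*==\s*"([^"]*)"', block)
        if not ids:
            # Nothing in this assertion narrows which subjects are accepted.
            problems.append(f"assertion {n}: CA trusted with no remote_id list")
        allowed.setdefault(lic.group(1), []).extend(ids)
    return problems, allowed


if __name__ == "__main__":
    issues, table = audit_policy(SAMPLE)
    for ca, subjects in table.items():
        print(ca, "->", subjects)
    print("problems:", issues or "none")
```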