> Would there
> be a problem to give the object a unique name like PAM<number> and the
> corresponding key would be <number>?
Sounds good, but where are you going to specify the number?
You really want the user to specify the number themselves without modifying the
/etc/musclepam/pam-muscle.conf file.
That is, instead of

    CertNumber = 1 # Certificate number to use
    CertName = user.cert # User Certificate in DER format

Use

    CertNumber = 1 # Default Certificate number to use
    CertName = user.cert # User Certificate in DER format
    CertNameFile = user.keynumber # filename which contains a number to override the default value

So if the file $HOME/.muscle/user.keynumber exists, then read that
file and use the number in there instead of key #1
Note that if UserPath is defined, then this overrides the location. Instead of
being
$HOME/.muscle/user.keynumber
it would be
$UserPath/$USERNAME/.muscle/user.keynumber (I think that's the value)
This would allow the administrator to specify a directory that the user cannot
modify.
A better solution is to have a file that can have several values in it.
Perhaps user.cert can have keywords in it, like:
--------------------------cut here-----------
#keywords
KEY=1
-----BEGIN PUBLIC KEY-----
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDOmX3yqFgwMORu9WVu1+Adayro
Jvav74yAO1GHH1XEkRP76pXKlGisA4v2QTkJXK9iaZnWJfScMDRfatrtWmuYzb0A
xSfARZWbGOKAQdRqJNqHNIkif1qRl4oGijqGlL/QvPAsTMLP8HUE0b43I67Rm2Km
6/hnGZKXn7rmt2Tu3QIDAQAB
-----END PUBLIC KEY-----
-------------------------end here--------------
We'd have to test if this would work. But then you only need one file instead
of 2 (or more)...
_______________________________________________
Muscle mailing list
[email protected]
http://lists.drizzle.com/mailman/listinfo/muscle
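
An added example, not part of the original message or of the pam-muscle code: one way the proposed CertNameFile override could be read defensively in C, falling back to the configured default whenever the override file is missing or cannot be trusted. The function name, the max_key bound and the symlink and permission policy are assumptions made for illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>
/* Hypothetical helper (not pam-muscle code). Returns the key number stored in
 * <base>/.muscle/<name>, or def when the file is missing or not trustworthy.
 * base is $HOME, or $UserPath/$USERNAME when UserPath is set.
 * max_key is an assumed upper bound on valid key numbers. */
int resolve_key_number(const char *base, const char *name, int def, int max_key)
{
    char path[PATH_MAX], buf[16], *end;
    struct stat st;
    ssize_t n;
    long v;
    int fd;
    if (strchr(name, '/') != NULL)      /* name must stay inside .muscle */
        return def;
    if ((size_t)snprintf(path, sizeof path, "%s/.muscle/%s", base, name) >= sizeof path)
        return def;
    /* Assumed policy: never follow a symlink planted at the final component. */
    fd = open(path, O_RDONLY | O_NOFOLLOW | O_NONBLOCK);
    if (fd < 0)
        return def;
    /* Assumed policy: small regular file, not writable by group or others. */
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode) ||
        (st.st_mode & (S_IWGRP | S_IWOTH)) || st.st_size >= (off_t)sizeof buf) {
        close(fd);
        return def;
    }
    n = read(fd, buf, sizeof buf - 1);
    close(fd);
    if (n <= 0)
        return def;
    buf[n] = '\0';
    errno = 0;
    v = strtol(buf, &end, 10);
    if (end == buf || errno != 0)
        return def;
    while (*end == ' ' || *end == '\t' || *end == '\r' || *end == '\n')
        end++;                          /* allow trailing whitespace only */
    if (*end != '\0' || v < 0 || v > max_key)
        return def;
    return (int)v;
}
```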