Martin Bartosch wrote:

Consider an environment with a centralized user authentication
and authorization system. This might be an LDAP directory or
something completely different. As this may be different for every
location, I'd like to use an external program (shell script...) to
perform the necessary operations.

I think we talked about this some time ago, but put it off to a later version ,o)

What I would like to do is:

On the RA:
- have a login prompt and request username/password
- call an external program and pass the values entered by the user.
  In the external call I include a fixed role the user is
  to be verified against.
- if the program returns success, the login is successful

yes, this is similar to a request some weeks ago, where the option was discussed to also have certificates issued by a different PKI be able to log in...

so this may also be necessary for automated ca-key-rollovers and so on... but there isn't an fre at sourceforge so far - just create one

On the public frontend I'd like to implement this
- have a login prompt and request username/password

this should be only asked for requests, not in general

- call an external program and pass the values entered by the user.
  Any user is accepted here, regardless of his role in the system.
- if the program returns success, the login is successful
- in addition to this, the entered username is used to determine
  user details, such as department and full name

yes, I also had this idea some time ago, but no time to implement such things so far...


- this additional information should be *included* in any CSR or
  CSR the user enters. The user should ideally have no way of
  altering this information.


What do you think?

just start coding ,o)
and put some feature requests on sourceforge, so others can see what may be available in a future version and is already a known request


greetings
dalini

--
Ives Steglich                Email: [EMAIL PROTECTED]
System Administration        Tel.:  +49 (0)3677 - 69 4382/4383
                             Fax:   +49 (0)3677 - 69 4399

Fraunhofer Institute for Digital Media Technology
Langewiesener Strasse 22
98693 Ilmenau                Email (private): [EMAIL PROTECTED]
Germany                      http://www.openca.org
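
The login flow proposed in this thread (hand username, password and, on the RA, a fixed role to an external program and let its exit status decide), sketched as an added example that is not code from the thread or from OpenCA. The stdin line protocol, the function names and the constructed demo helper with its two users are assumptions.

```python
import subprocess
import tempfile

# Constructed stand-in for the site-specific program (LDAP lookup etc.).
# Assumed protocol: username, password, optional role on stdin, one per line.
DEMO_HELPER = r'''
IFS= read -r user; IFS= read -r pass; IFS= read -r role
case "$user:$pass" in
  "alice:s3cret") have="RA Operator" ;;
  "bob:hunter2")  have="User" ;;
  *) exit 1 ;;
esac
[ -z "$role" ] || [ "$role" = "$have" ] || exit 1
'''

def demo_helper_argv():
    """Write the constructed helper to a temp file and return its argv."""
    f = tempfile.NamedTemporaryFile("w", suffix=".sh", delete=False)
    f.write(DEMO_HELPER)
    f.close()
    return ["/bin/sh", f.name]

def external_login(helper_argv, username, password, role=None, timeout=10):
    """True only if the helper exits 0; every error path denies the login."""
    fields = [username, password] + ([role] if role is not None else [])
    # A newline in any field would shift the lines the helper reads: a
    # password ending in "\n" would push the fixed role out of the role slot.
    if any(not f or "\n" in f or "\r" in f or "\0" in f for f in fields):
        return False
    try:
        proc = subprocess.run(
            helper_argv,                 # argv list, so no shell parsing
            input=("\n".join(fields) + "\n").encode(),  # secrets go on stdin,
            stdout=subprocess.DEVNULL,   # not into argv or the environment
            stderr=subprocess.DEVNULL,
            timeout=timeout,
        )
    except (OSError, subprocess.SubprocessError):
        return False                     # missing helper or timeout: deny
    return proc.returncode == 0

if __name__ == "__main__":
    helper = demo_helper_argv()
    print(external_login(helper, "alice", "s3cret", role="RA Operator"))  # RA
    print(external_login(helper, "bob", "hunter2", role="RA Operator"))   # RA
    print(external_login(helper, "bob", "hunter2"))             # public frontend
```

Passing `role=None` models the public frontend, where any authenticated user is accepted; the RA passes its fixed role.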

