Also I'll try to explain: I have 2 types of users: supervisors and students
this system is to authenticate students to perform a "online test", BUT the supervisor must authorize them to do it for a given time (the test time, usually 1-3hours) For other reasons the systems will be: a Linux LiveCD which is booted in any machine with this "authenticator client". The supervisor will authenticate and get as answer a "temporary pass" (OTP time synchronized), so he will give that to the students in the same physical location, and the students have X seconds to authenticate their "LiveCDs" to be able to perform the test. So I'm having some problems with this second authentication (students), when they are authenticated (student_id, student_pass, otp_pass) I thought to create a VPN between the student and the server and this "online test" will only be available inside this VPN, so the VPN program should be responsable for the "certificate validation", so I don't have to worry about. is that understandable? my english is not so good. any ideas are welcome. =) Lucas. I have 2 types of users: supervisors and users On Thu, Jun 4, 2009 at 12:12 PM, Lucas Mocellin <[email protected]>wrote: > > > On Thu, Jun 4, 2009 at 11:48 AM, Michael S. Zick <[email protected]>wrote: > >> On Thu June 4 2009, Lucas Mocellin wrote: >> > Hi, >> > >> > I'm sorry, I don't understand very much about, but let's try. >> > I'm starting to learn. > >> >> > >> > On Thu, Jun 4, 2009 at 11:23 AM, Michael Sierchio <[email protected] >> >wrote: >> > >> > > Lucas Mocellin wrote: >> > > >> > > > I would like to generate a certificate valid in hours, does someone >> know >> > > > how to do it? is that possible or I have to manage this hours "by >> > > myself"? >> > > >> > > Why? What kind of cert? What is the intended use for the cert? If >> it's >> > > for >> > > the purposes of restricting access to a given time window, use a >> different >> > > mechanism. >> > >> > yes that's the purpose, the 'kind' of certificate is flexible. >> > >> > How do you think I could do differently? I need authenticate someone >> just >> > for a few hours (1-3 hours) and then close the connection, I thought to >> it >> > with certificates to "let" the certification system manage that for me. >> > >> > I want authenticate someone, and THEN authorize him for a while to do > something. > >> >> >> Although the protocols do renogate the connection on a regular basis; >> I would be very surprised if that includes re-authentication, only keys. > > hmm.. it's interesting.. I thought, for example, OpenVPN should 'manage' > this certificate expiration. > >> >> >> You'll have to do it locally on the server - like teach the server to >> start a cron job that will, after 1-3 hours - dump the user. > > If it's necessary, it'll be done, but I would like to avoid this work. > > if you're available and if you have any IM (google talk, MSN, *) please let > me know. > > PS: I'm undergradute student and this is for a project. > > Thanks a lot, > > Lucas. > >> >> >> Mike >> > Thanks, >> > >> > Lucas. >> > >> > > >> > > ______________________________________________________________________ >> > > OpenSSL Project >> http://www.openssl.org >> > > User Support Mailing List >> [email protected] >> > > Automated List Manager >> [email protected] >> > > >> > >> >> >> ______________________________________________________________________ >> OpenSSL Project http://www.openssl.org >> User Support Mailing List [email protected] >> Automated List Manager [email protected] >> > >
