Hi Oliver
I have added that, however now the main daemon won’t start, with the following
error messages. My perl is lacking, so I’m struggling to see what it is
complaining about!
Exception during server initialization:
I18N_OPENXPKI_SERVER_INIT_TASK_INIT_FAILURE; __EVAL_ERROR__ => Can't locate
object method "message" via package "requested value is not a scalar at
/usr/share/perl5/Connector/Proxy/YAML.pm line 78.
" (perhaps you forgot to load "requested value is not a scalar at
/usr/share/perl5/Connector/Proxy/YAML.pm line 78.
"?) at /usr/lib/x86_64-linux-gnu/perl5/5.20/OpenXPKI/Server/Authentication.pm
line 145.
; __task__ => authentication (I18N_OPENXPKI_SERVER_INIT_TASK_INIT_FAILURE;
__EVAL_ERROR__ => Can't locate object method "message" via package "requested
value is not a scalar at /usr/share/perl5/Connector/Proxy/YAML.pm line 78.
" (perhaps you forgot to load "requested value is not a scalar at
/usr/share/perl5/Connector/Proxy/YAML.pm line 78.
"?) at /usr/lib/x86_64-linux-gnu/perl5/5.20/OpenXPKI/Server/Authentication.pm
line 145.
; __task__ => authentication
Trace begun at /usr/lib/x86_64-linux-gnu/perl5/5.20/OpenXPKI/Server/Init.pm
line 155
OpenXPKI::Server::Init::init('HASH(0x3e61750)') called at
/usr/lib/x86_64-linux-gnu/perl5/5.20/OpenXPKI/Server.pm line 72
eval {...} at /usr/lib/x86_64-linux-gnu/perl5/5.20/OpenXPKI/Server.pm line 71
OpenXPKI::Server::new('OpenXPKI::Server', 'SILENT', 0) called at
/usr/lib/x86_64-linux-gnu/perl5/5.20/OpenXPKI/Control.pm line 216
eval {...} at /usr/lib/x86_64-linux-gnu/perl5/5.20/OpenXPKI/Control.pm line 212
OpenXPKI::Control::start('HASH(0x1a97e78)') called at /usr/bin/openxpkictl line
104
) at /usr/lib/x86_64-linux-gnu/perl5/5.20/OpenXPKI/Server.pm line 966.
Thanks,
Richard
> On 13 Dec 2016, at 07:15, Oliver Welter <[email protected]> wrote:
>
> Hi Richard,
>
> that stuff is unfortunately not documented very well.
>
> The roles file is just a key/value file with username: role, e.g.
>
> Richard: RA Operator
>
> Using the sample config, the username is the CN part of the certificate, you
> can also set "serial" or "subject".
>
> Have a look at the documentation of OpenXPKI::Server::Authentication::X509
>
> Oliver
>
> Am 12.12.2016 um 14:15 schrieb Richard Franks:
>> Hi
>>
>> I have got OpenXPKI up and running, and I can perform CA operations with
>> the user/password combinations that I have set up.
>>
>> I would like to do certificate based authentication, however I am unsure
>> how to assign roles to specific users.
>>
>> Within the realm configuration is connector.yaml, which seems to imply
>> that you should define roles in /home/pkiadm/ca-one-x509-roles.yaml,
>> however I am unable to find an example for the syntax of the file.
>>
>> Does one exist? If not, please could someone provide some guidance on
>> how to format the file in order to provide role-based access using
>> certificates?
>>
>> Thanks,
>> Richard
>>
>>
>> ------------------------------------------------------------------------------
>> Developer Access Program for Intel Xeon Phi Processors
>> Access to Intel Xeon Phi processor-based developer platforms.
>> With one year of Intel Parallel Studio XE.
>> Training and support from Colfax.
>> Order your platform today.http://sdm.link/xeonphi
>>
>>
>>
>> _______________________________________________
>> OpenXPKI-users mailing list
>> [email protected]
>> https://lists.sourceforge.net/lists/listinfo/openxpki-users
>>
>
>
> --
> Protect your environment - close windows and adopt a penguin!
>
> ------------------------------------------------------------------------------
> Check out the vibrant tech community on one of the world's most
> engaging tech sites, SlashDot.org!
> http://sdm.link/slashdot_______________________________________________
> OpenXPKI-users mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/openxpki-users
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, SlashDot.org! http://sdm.link/slashdot
_______________________________________________
OpenXPKI-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/openxpki-users
