Re: [Freeipa-devel] [RFC] Matching and Mapping Certificates

2017-01-08 Thread Jan Cholasta
On 6.1.2017 10:30, Sumit Bose wrote: On Fri, Jan 06, 2017 at 08:50:14AM +0100, Jan Cholasta wrote: On 5.1.2017 10:39, Sumit Bose wrote: On Mon, Jan 02, 2017 at 09:18:47AM +0100, Jan Cholasta wrote: On 18.10.2016 07:34, Jan Cholasta wrote: On 17.10.2016 16:50, Rob Crittenden wrote: Jan

Re: [Freeipa-devel] [RFC] Matching and Mapping Certificates

2017-01-06 Thread Sumit Bose
On Fri, Jan 06, 2017 at 08:50:14AM +0100, Jan Cholasta wrote: > On 5.1.2017 10:39, Sumit Bose wrote: > > On Mon, Jan 02, 2017 at 09:18:47AM +0100, Jan Cholasta wrote: > > > On 18.10.2016 07:34, Jan Cholasta wrote: > > > > On 17.10.2016 16:50, Rob Crittenden wrote: > > > > > Jan Cholasta wrote: > >

Re: [Freeipa-devel] [RFC] Matching and Mapping Certificates

2017-01-05 Thread Jan Cholasta
On 5.1.2017 10:39, Sumit Bose wrote: On Mon, Jan 02, 2017 at 09:18:47AM +0100, Jan Cholasta wrote: On 18.10.2016 07:34, Jan Cholasta wrote: On 17.10.2016 16:50, Rob Crittenden wrote: Jan Cholasta wrote: Hi, On 13.10.2016 18:52, Sumit Bose wrote: = Issuer specific matching =

Re: [Freeipa-devel] [RFC] Matching and Mapping Certificates

2017-01-05 Thread Sumit Bose
On Mon, Jan 02, 2017 at 09:18:47AM +0100, Jan Cholasta wrote: > On 18.10.2016 07:34, Jan Cholasta wrote: > > On 17.10.2016 16:50, Rob Crittenden wrote: > > > Jan Cholasta wrote: > > > > Hi, > > > > > > > > On 13.10.2016 18:52, Sumit Bose wrote: > > > > > = Issuer specific matching = > > >

Re: [Freeipa-devel] [RFC] Matching and Mapping Certificates

2017-01-02 Thread Jan Cholasta
On 18.10.2016 07:34, Jan Cholasta wrote: On 17.10.2016 16:50, Rob Crittenden wrote: Jan Cholasta wrote: Hi, On 13.10.2016 18:52, Sumit Bose wrote: = Issuer specific matching = Although the MIT Kerberos rules allow to select the issuer of a certificate there are use cases where a more

Re: [Freeipa-devel] [RFC] Matching and Mapping Certificates

2016-12-05 Thread Jan Cholasta
On 25.11.2016 15:55, Sumit Bose wrote: On Fri, Nov 25, 2016 at 02:19:10PM +0100, Jan Cholasta wrote: Bump, Sumit, have you seen my comments? I haven't heard back from you. Yes, I've seen it and added a comment about it on the page

Re: [Freeipa-devel] [RFC] Matching and Mapping Certificates

2016-11-25 Thread Jan Cholasta
Bump, Sumit, have you seen my comments? I haven't heard back from you. On 17.10.2016 09:50, Jan Cholasta wrote: Hi, On 13.10.2016 18:52, Sumit Bose wrote: On Tue, Oct 11, 2016 at 01:37:09PM +0200, Sumit Bose wrote: On Thu, Oct 06, 2016 at 12:49:30PM +0200, Sumit Bose wrote: Hi, I've

Re: [Freeipa-devel] [RFC] Matching and Mapping Certificates

2016-10-17 Thread Jan Cholasta
On 17.10.2016 16:50, Rob Crittenden wrote: Jan Cholasta wrote: Hi, On 13.10.2016 18:52, Sumit Bose wrote: = Issuer specific matching = Although the MIT Kerberos rules allow to select the issuer of a certificate there are use cases where a more specific selection is needed. E.g. if

Re: [Freeipa-devel] [RFC] Matching and Mapping Certificates

2016-10-17 Thread Simo Sorce
On Thu, 2016-10-13 at 18:52 +0200, Sumit Bose wrote: > Compatibility with Active Directory > Active Directory uses a per-user LDAP attribute > [https://msdn.microsoft.com/en-us/library/cc220106.aspx > altSecurityIdentities] to allow arbitrary user-certificate mappings if there > is no

Re: [Freeipa-devel] [RFC] Matching and Mapping Certificates

2016-10-17 Thread Rob Crittenden
Jan Cholasta wrote: Hi, On 13.10.2016 18:52, Sumit Bose wrote: = Issuer specific matching = Although the MIT Kerberos rules allow to select the issuer of a certificate there are use cases where a more specific selection is needed. E.g. if there are some default matching rules for all

Re: [Freeipa-devel] [RFC] Matching and Mapping Certificates

2016-10-17 Thread Jan Cholasta
Hi, On 13.10.2016 18:52, Sumit Bose wrote: On Tue, Oct 11, 2016 at 01:37:09PM +0200, Sumit Bose wrote: On Thu, Oct 06, 2016 at 12:49:30PM +0200, Sumit Bose wrote: Hi, I've started to write a SSSD design page about enhancing the current mapping of certificates to users and how to select/match

Re: [Freeipa-devel] [RFC] Matching and Mapping Certificates

2016-10-13 Thread Sumit Bose
On Tue, Oct 11, 2016 at 01:37:09PM +0200, Sumit Bose wrote: > On Thu, Oct 06, 2016 at 12:49:30PM +0200, Sumit Bose wrote: > > Hi, > > > > I've started to write a SSSD design page about enhancing the current > > mapping of certificates to users and how to select/match a suitable > > certificate if

Re: [Freeipa-devel] [RFC] Matching and Mapping Certificates

2016-10-11 Thread Sumit Bose
On Thu, Oct 06, 2016 at 12:49:30PM +0200, Sumit Bose wrote: > Hi, > > I've started to write a SSSD design page about enhancing the current > mapping of certificates to users and how to select/match a suitable > certificate if multiple certificates are on a Smartcard. > > My current thoughts

Re: [Freeipa-devel] [RFC] Matching and Mapping Certificates

2016-10-09 Thread Fraser Tweedale
On Fri, Oct 07, 2016 at 09:35:00AM +0300, Alexander Bokovoy wrote: > On pe, 07 loka 2016, Fraser Tweedale wrote: > > On Thu, Oct 06, 2016 at 12:49:30PM +0200, Sumit Bose wrote: > > > > > Question, do we need search-and-replace at all (or at this > > > stage)? Most of the interesting values from

Re: [Freeipa-devel] [RFC] Matching and Mapping Certificates

2016-10-07 Thread Alexander Bokovoy
On pe, 07 loka 2016, Fraser Tweedale wrote: On Thu, Oct 06, 2016 at 12:49:30PM +0200, Sumit Bose wrote: Question, do we need search-and-replace at all (or at this stage)? Most of the interesting values from the SAN should be directly map-able to LDAP attributes. And processing the string

Re: [Freeipa-devel] [RFC] Matching and Mapping Certificates

2016-10-06 Thread Fraser Tweedale
On Thu, Oct 06, 2016 at 12:49:30PM +0200, Sumit Bose wrote: > Question, do we need search-and-replace at all (or at this > stage)? Most of the interesting values from the SAN should be > directly map-able to LDAP attributes. And processing the string > representation of might be tricky as

Re: [Freeipa-devel] [RFC] Matching and Mapping Certificates

2016-10-06 Thread Rob Crittenden
Sumit Bose wrote: On Thu, Oct 06, 2016 at 10:33:48AM -0400, Rob Crittenden wrote: Sumit Bose wrote: Hi, Wow, this is really great. Hi Rob, thank you for the feedback. I think I'd pre-plan to support different configuration per issuer subject, with one named default. It shouldn't be a

Re: [Freeipa-devel] [RFC] Matching and Mapping Certificates

2016-10-06 Thread Sumit Bose
On Thu, Oct 06, 2016 at 10:33:48AM -0400, Rob Crittenden wrote: > Sumit Bose wrote: > > Hi, > > > > > > Wow, this is really great. Hi Rob, thank you for the feedback. > > I think I'd pre-plan to support different configuration per issuer subject, > with one named default. It shouldn't be a

Re: [Freeipa-devel] [RFC] Matching and Mapping Certificates

2016-10-06 Thread Rob Crittenden
Sumit Bose wrote: Hi, I've started to write a SSSD design page about enhancing the current mapping of certificates to users and how to select/match a suitable certificate if multiple certificates are on a Smartcard. My current thoughts and ideas can be found at