[Pki-devel] [PATCH] 0019 - add client auth user to install
Ade Lee
alee at redhat.com
Fri Feb 24 03:16:20 UTC 2012
Reviewed and acked by Endi.
Endi mentioned a case where we encode a cert and then decode it. I will
look into streamlining this in a subsequent patch.
Pushed to dogtag 9 and 10.
On Wed, 2012-02-22 at 23:34 -0500, Ade Lee wrote:
> Add client auth user to default install
>
> When a subsystem is configured, a user is created to facilitate communication
> between subsystems. This user is created on the security domain ca, and is
> has the subsystem certificate in its user record.
>
> This user will be reused as a user that can talk to the database using the
> subsystem certificate for client auth. To do this, this patch does the following:
>
> 1. If not the security domain master CA, adds this user to the subsystem, and
> adds the subsystem cert.
> 2. Adds the subsystem cert subject dn to the user's record in the seeAlso attribute
> 3. Adds acis for this user for the $basedn and for cn=config (for VLV searches)
>
> By default, this user and acls will be added when the system is configured.
> To actually use the user and client auth, more config steps are required. They
> will be doc'ed in https://fedorahosted.org/pki/ticket/5
>
> Please review.
>
> Ade
>
> _______________________________________________
> Pki-devel mailing list
> Pki-devel at redhat.com
> https://www.redhat.com/mailman/listinfo/pki-devel
More information about the Pki-devel
mailing list