X509 login patches

Christos Triantafyllidis ctria at grid.auth.gr
Mon Dec 14 20:52:04 UTC 2009


Hi Mike,

First of all, I need to clarify that I'm not a Koji expert (as I said,
I've been using it for only a few weeks).

On Dec 14, 2009, at 9:42 PM, Mike Bonnet wrote:
>
> koji-hub already supports a DNUsernameComponent option.  Rather than
> introduce a new config option, I think I'd rather see
> "DNUsernameComponent=DN" special-cased to mean "use the whole DN".  I
> don't see any env. vars other than DN that would be useful for
> authentication.

Hm, that sounds like a cleaner approach! Thanks. I'm going to
implement it, probably later today...

One special case that I can think of is if one would like to use the
issuer's DN or any part of it, but this is not the case for me, so I can
skip it.

One case that (I think) is not covered even by my approach, though, is
the usage of an X509 extension of the certificate (i.e. the
SubjectAlternativeNames), but for now I can live without them.


Christos
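
The "DNUsernameComponent=DN" special case discussed above, as an added sketch that is not part of the original message and is not Koji's code. `resolve_username`, `sample_env` and the sample subjects are hypothetical; the environment keys are the standard mod_ssl variables, and the slash-separated DN form is assumed for the constructed samples.

```python
class CertAuthError(Exception):
    """Raised when no trustworthy username can be derived from the request."""


def resolve_username(environ, component="CN"):
    """Map a verified client certificate to a username.

    component="DN" is special-cased to mean the whole subject DN; any other
    value selects the single field SSL_CLIENT_S_DN_<component>.
    """
    # Subject fields mean nothing unless the web server verified the chain.
    if environ.get("SSL_CLIENT_VERIFY") != "SUCCESS":
        raise CertAuthError("client certificate not verified")
    key = "SSL_CLIENT_S_DN" if component == "DN" else "SSL_CLIENT_S_DN_" + component
    value = environ.get(key, "").strip()
    if not value:
        # Fail closed: never fall back to another field or an empty name.
        raise CertAuthError("%s missing or empty" % key)
    return value


def sample_env(dn, verify="SUCCESS"):
    """Build a constructed mod_ssl-style environ from a slash-separated DN.

    Naive split, good enough for the samples below (no '/' inside values).
    """
    env = {"SSL_CLIENT_VERIFY": verify, "SSL_CLIENT_S_DN": dn}
    for part in dn.strip("/").split("/"):
        name, _, val = part.partition("=")
        env.setdefault("SSL_CLIENT_S_DN_" + name, val)
    return env


# Constructed subjects: same CN, issued under different organisations.
ALICE_A = sample_env("/C=GR/O=ExampleOrgA/CN=alice")
ALICE_B = sample_env("/C=GR/O=ExampleOrgB/CN=alice")

if __name__ == "__main__":
    for comp in ("CN", "DN"):
        # With CN both certificates collapse to one account; with DN they stay distinct.
        print(comp, resolve_username(ALICE_A, comp), "|", resolve_username(ALICE_B, comp))
```

When several CAs or organisations are trusted, mapping on the whole DN keeps two subjects that share a CN from landing on the same account.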