From dusan.kozic at gmail.com Tue Aug 18 13:55:04 2020 From: dusan.kozic at gmail.com (Dusan Kozic) Date: Tue, 18 Aug 2020 15:55:04 +0200 Subject: [Pki-users] Dogtag CA and FlatFileAuth Message-ID: Good day! I am testing Dogtag CA with Cisco IOS client using the One Time Pin RouterCertificate Enrollment Certificate Profile. For authentication I am using auth.instance_id=flatFileAuth. This works OK in documented scenario where entries in flatfile.txt are like this: UID: PWD: I have a question whether it is possible to change authentication parameters in flatfile.txt to authenticate routers using other parameters than IP address,e.g. FQDN or some user provided parameters. If not, Iam interested if this is possible if I change Authentication Manager to DirBasedAuthentication. Please provide me some documentation and examples about FlatFileAuth and DirBasedAuthentication. Thank you! -- Kind regards, Dusan Kozic -------------- next part -------------- An HTML attachment was scrubbed... URL: From dmoluguw at redhat.com Mon Aug 31 18:11:44 2020 From: dmoluguw at redhat.com (Dinesh Prasanth Moluguwan Krishnamoorthy) Date: Mon, 31 Aug 2020 11:11:44 -0700 Subject: [Pki-users] Dogtag CA and FlatFileAuth In-Reply-To: References: Message-ID: Hi Dusan, I am not familiar with SCEP but let me try answering your question. The wiki page we have is: https://www.dogtagpki.org/wiki/SCEP_Setup The RHCS doc we have is: https://access.redhat.com/documentation/en-us/red_hat_certificate_system/9/html/administration_guide/enrolling_a_certificate_in_a_cisco_router IIUC, if you want to use FQDN you need to add entries to DNS to map FQDN to IP address. For other types of authentication, maybe you can read the RHCS doc: https://access.redhat.com/documentation/en-us/red_hat_certificate_system/9/html/administration_guide/automated_enrollment#Setting_up_Directory_Based_Authentication HTH! Regards, --Dinesh On Tue, Aug 18, 2020 at 6:56 AM Dusan Kozic wrote: > Good day! > > I am testing Dogtag CA with Cisco IOS client using the One Time Pin > RouterCertificate Enrollment Certificate Profile. For authentication I am > using auth.instance_id=flatFileAuth. This works OK in documented scenario > where entries in flatfile.txt are like this: > > UID: > PWD: > > I have a question whether it is possible to change authentication > parameters in flatfile.txt to authenticate routers using other parameters > than IP address,e.g. FQDN or some user provided parameters. > > If not, Iam interested if this is possible if I change Authentication > Manager to DirBasedAuthentication. > > Please provide me some documentation and examples about FlatFileAuth and > DirBasedAuthentication. > > Thank you! > > -- > Kind regards, > > Dusan Kozic > > _______________________________________________ > Pki-users mailing list > Pki-users at redhat.com > https://www.redhat.com/mailman/listinfo/pki-users -------------- next part -------------- An HTML attachment was scrubbed... URL: