[kmf-discuss] DN/subjectAltName mapping to username
Jan Pechanec
Jan.Pechanec at Sun.COM
Wed Dec 19 13:38:40 PST 2007
hi,
I'm wondering what would be your opinion on suggestion to include
kmf_map_cert_to_username()-like function in KMF API. Mapping a certificate
to a username will be a very common and very needed task which, in my
opinion, should be enforced by a KMF policy.
an example - in x509 support for SSH, we need to somehow get a
username from the certificate. Doing that in SSH, and what's more doing it
configurable, would most probably be a duplication of work that other
applications would need to do, too.
I have materials for pam_pkcs11 ARC case and I have to read it to
see how mappers work there but it would be great, even if I could use it in
SunSSH, if this was offered as part of KMF API.
any thoughts on that?
thanks, Jan.
--
Jan Pechanec
More information about the kmf-discuss
mailing list