[kmf-discuss] DN/subjectAltName mapping to username
Wyllys Ingersoll
wyllys.ingersoll at sun.com
Thu Dec 20 09:08:12 PST 2007
off-topic...
Grrrr. I apologize for the crappy line-wrapping in my emails.
Does anyone know how to make thunderbird stop wrapping
my outgoing msgs???
-wyllys
Wyllys Ingersoll wrote:
> I like the proposals so far, but I would like to hear more details.
> KMF is not a daemon process
> that maintains state of any kind. So, where would these mapping be
> maintained and managed?
> Are we going to introduce a new file/database of some sort that KMF will
> then be able to read?
> If so, then we also need to introduce a new tool (or maybe enhance an
> existing one) that manages
> the database of mappings. If we want to be really flexible, we could
> create some sort of mapping
> syntax language that would allow the administrator to create mappings
> from any number of
> valid x509 fields (or from a limited set). Or we could be more
> restrictive in the first attempt
> and just choose a few fixed mappings that we think would be most useful.
>
> If we create this "kmf_map_cert_to_username()" function, what would it
> actually do? A
> process calling this may or may not be privileged enough to update the
> mapping table
> (I'm assuming that would have to be a privileged operation). I think
> we need 2 offer
> 2 APIs - one to create a mapping and one to find a username from a given
> cert.
>
> -Wyllys
>
>
More information about the kmf-discuss
mailing list