|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
From: David Corcoran (corcoran_at_linuxnet.com)
Date: Tue Jul 23 2002 - 06:05:03 CDT
Subject: Re: MUSCLE SmartCard NetLogin application
Date: Tue, 23 Jul 2002 08:16:56 +0200
Message-Id: <200207230816.57020.mario.strasser
zhwin.ch>
Hi
On Monday 22 July 2002 12:16, Anne Darseh wrote:
> Would NetLogin from the University of Applied Sciences Winterthur still
> work if I use a CA different from the one supplied with the application ?
> Thanks alot,
> Ann
The pam module works as long as you copy the root and intermediate
certificates of your CA into the 'cacerts' directory. The netaccountadd/-del
tools are designed for openssl. If you use a different CA you must write
your own 'smartcard-creation-tool' which writes the user's certificate and
private key to the smartcard.
The issued certificates must match the following conditions:
1. A crlDistributionPoint extension must be included and the dedicated CRL
must exist.
2. The users Login/Profile name(s) must be included as subjectAltName
extensions of the from userlocalhost (for example rootlocalhost).
However, the whole project is open source and you can modify the source
under the therms of the GPL (or ask me to do it ;-).
Regards
Mario
Content Security by MailMarshal
***************************************************************
Unix Smart Card Developers - M.U.S.C.L.E.
(Movement for the Use of Smart Cards in a Linux Environment)
http://www.linuxnet.com/
To unsubscribe send an email to majordomolinuxnet.com with
unsubscribe sclinux
***************************************************************
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]