[caops-wg] [igtf-general] Re: Grid Certificate Profile version 0.20
David Groep
davidg at nikhef.nl
Thu Mar 15 04:09:40 CST 2007
Hi all,
Darcy Quesnel wrote:
> Has anyone replied to you about this?
>
> My experience is that the globus patched version of openssl will
> interpret the "robert kilroy-" part as a wildcard and only treat silk as
> significant. I'm trying to remember if the space makes a difference - I
> don't think it does.
No, this implicit wildcard matching is only used when comparing
host names, and is not in the code matching usernames in the gridmapfile
(I just lloked at that piece of the code and there is nothing special
in the gss_assist_gridmap call regarding dashes).
So, the mapping will be unique and Mr. Kilroy-silk will be safe :-)
Cheers,
DavidG.
>
>
> Darcy
>
>
> Mike 'Mike' Jones wrote:
>
>> One question that I've just been asked is: "Does the hyphen in a in a
>> CN (ss 3.2.3) affect user certificates in Globus installations?"
>>
>> e.g.
>> If I have "...CN=robert kilroy-silk" in my grid-mapfile and
>> a I process an GSI connection with "CN=robert kilroy", will they get
>> Mr kilroy-silk's account mapping?
>>
>> Mike
>>
>> --
>> caops-wg mailing list
>> caops-wg at ogf.org
>> http://www.ogf.org/mailman/listinfo/caops-wg
--
David Groep
** National Institute for Nuclear and High Energy Physics, PDP/Grid group **
** Room: H1.56 Phone: +31 20 5922179, PObox 41882, NL-1009DB Amsterdam NL **
More information about the caops-wg
mailing list