Jeffrey Altman wrote:
>
> (sorry about the null message.)
>
> I am looking for a summary of people's experiences with using client
> certs to authenticate end users to Unix services.
>
> How are you mapping a client cert to a local Unix account name?
>
> Are you using a field within the cert? If so, which one(s)? Are
> different fields used for different services?
>
> Or are you using some form of Certificate MApping Service which takes
> a validated cert as input and returns a local account name? If so,
> how are you implementing this service?
>
> Are you issuing a single cert for multiple services? Or one cert per
> service?
>
I remember reading a standard on mapping X.400 to SMTP. Maybe that'll
help. Try the RFC repositories.
S/MIME Cryptographic Signature
