Maybe you should try kerberosV
On Sun, 07 Nov 1999, you wrote:
> On Tue, 2 Nov 1999, Jeffrey Altman wrote:
>
> > (sorry about the null message.)
> >
> > I am looking for a summary of people's experiences with using client
> > certs to authenticate end users to Unix services.
> >
> > How are you mapping a client cert to a local Unix account name?
> >
> > Are you using a field within the cert? If so, which one(s)? Are
> > different fields used for different services?
> >
> > Or are you using some form of Certificate MApping Service which takes
> > a validated cert as input and returns a local account name? If so,
> > how are you implementing this service?
> >
> > Are you issuing a single cert for multiple services? Or one cert per
> > service?
> >
> > Thanks.
>
> I'm just mapping public keys (which you can extract from any certificate,
> whoever signed it) to user-ids. This mapping is stored in a SQL database
> contaning additional data, like what services the user can use, which urls
> (s)he can access and the like.
>
> I'm using this aproach since more than 2 years (now with env. 1600 real
> users) and it works very well.
>
> Regards,
>
> Franco
>
> >
> >
> >
> > Jeffrey Altman * Sr.Software Designer * Kermit-95 for Win32 and OS/2
> > The Kermit Project * Columbia University
> > 612 West 115th St #716 * New York, NY * 10025
> > http://www.kermit-project.org/k95.html * [EMAIL PROTECTED]
> >
> >
> > ______________________________________________________________________
> > OpenSSL Project http://www.openssl.org
> > User Support Mailing List [EMAIL PROTECTED]
> > Automated List Manager [EMAIL PROTECTED]
> >
>
> ______________________________________________________________________
> OpenSSL Project http://www.openssl.org
> User Support Mailing List [EMAIL PROTECTED]
> Automated List Manager [EMAIL PROTECTED]
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]