TLS: assigning certificates to username

Matthew Newton mcn4 at leicester.ac.uk
Thu May 5 18:41:43 CEST 2016


On Thu, May 05, 2016 at 11:24:08AM -0400, Alan DeKok wrote:
> On May 5, 2016, at 11:06 AM, Arran Cudbard-Bell <a.cudbardb at freeradius.org> wrote:
> > 
> > Where the peer identity represents a host, a subjectAltName of type
> >   dnsName SHOULD be present in the peer certificate.  Where the peer
> >   identity represents a user and not a resource, a subjectAltName of
> >   type rfc822Name SHOULD be used, conforming to the grammar for the
> >   Network Access Identifier (NAI) defined in Section 2.1 of [RFC4282].
> >   If a dnsName or rfc822Name are not available, other field types (for
> >   example, a subjectAltName of type ipAddress or
> >   uniformResourceIdentifier) MAY be used.
> 
>   OK.. so another one of the million fields available in the cert.  <sigh>

But the point being, the client certificates are generated
locally.  So if one puts something useless in the cert, "it's yer
own fault" :)

Matthew


-- 
Matthew Newton, Ph.D. <mcn4 at le.ac.uk>

Systems Specialist, Infrastructure Services,
I.T. Services, University of Leicester, Leicester LE1 7RH, United Kingdom

For IT help contact helpdesk extn. 2253, <ithelp at le.ac.uk>
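
The field-selection rule quoted in the message above, as an added example that is not part of the original thread or of FreeRADIUS. It assumes the certificate has already been decoded into the dict shape returned by Python's `ssl.SSLSocket.getpeercert()`; `peer_identity`, the simplified NAI pattern, and the refuse-on-ambiguity policy are this example's own assumptions.

```python
import re

# Simplified NAI shape (assumption): user@realm in ASCII only. RFC 4282
# section 2.1 also allows escapes, UTF-8 and realm-less names.
_ATOM = r"[A-Za-z0-9!#$%&'*+/=?^_`{|}~-]+"
_LABEL = r"[A-Za-z0-9](?:[A-Za-z0-9-]*[A-Za-z0-9])?"
NAI_RE = re.compile(rf"{_ATOM}(?:\.{_ATOM})*@(?:{_LABEL}\.)+{_LABEL}")

PREFERRED = {"host": "DNS", "user": "email"}   # dnsName / rfc822Name
FALLBACK = ("IP Address", "URI")               # the "MAY be used" types


def peer_identity(cert, kind):
    """Return (san_type, value) for kind 'host' or 'user', or None."""
    san = cert.get("subjectAltName", ())
    want = PREFERRED[kind]
    hits = [v for t, v in san if t == want]
    # A malformed rfc822Name is rejected rather than silently skipped.
    if kind == "user" and any(not NAI_RE.fullmatch(v) for v in hits):
        raise ValueError("rfc822Name is not a well-formed NAI")
    # Example policy (assumption): never guess between several candidates.
    if len(hits) > 1:
        raise ValueError(f"ambiguous identity: {len(hits)} {want} entries")
    if hits:
        return want, hits[0]
    # Preferred type absent: fall back to ipAddress or URI, in SAN order.
    for t, v in san:
        if t in FALLBACK:
            return t, v
    return None


# Constructed sample certificates (not from any real deployment).
USER_CERT = {"subjectAltName": (("DNS", "laptop.example.org"),
                                ("email", "alice@example.org"))}
DEVICE_CERT = {"subjectAltName": (("URI", "urn:example:device:42"),)}
USELESS_CERT = {"subjectAltName": (("email", "alice smith@example"),)}

if __name__ == "__main__":
    print(peer_identity(USER_CERT, "user"))
    print(peer_identity(USER_CERT, "host"))
    print(peer_identity(DEVICE_CERT, "user"))
```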

