4872 – tl-ldap-certalias extracts all certificates from a user object

Bug 4872 - tl-ldap-certalias extracts all certificates from a user object

Summary: tl-ldap-certalias extracts all certificates from a user object

Status:	CLOSED WONTFIX

Alias:	None

Product:	ThinLinc
Classification:	Unclassified
Component:	Misc (show other bugs)
Version:	4.1.0
Hardware:	PC Unknown

Importance:	P2 Normal
Target Milestone:	4.15.0
Assignee:	Bugzilla mail exporter

URL:
Keywords:

Depends on:
Blocks:

Reported:	2013-10-24 16:19 CEST by Henrik Andersson
Modified:	2023-01-03 13:23 CET (History)
CC List:	0 users

See Also:
Acceptance Criteria:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description Henrik Andersson cendio

2013-10-24 16:19:48 CEST

The sole purpose for tl-ldap-certalias is to extract certificate from user object and populate authorized_keys for use as public key auth.
The problem is that certificates for a user object probably includes several certificates which only on is intended for authentication in the infrastructure.

One way to overcome this is to implement a certificate filter just like we have done on the client side which i configurable on the thinlinc server.

See client certificate filter documentation for more information:

http://www.cendio.com/resources/docs/tag/ch07s04.html#smart_card_certificate_filter_settings_dialog

Comment 1 Pierre Ossman cendio

2023-01-03 13:23:10 CET

We are reading certificates from the users' objects in the LDAP database, so it's reasonable to assume that all of them should be valid to authenticate the user. I don't think other products that use the certificates do any other filtering.

Note You need to log in before you can comment on or make changes to this bug.