Re: Certificate logon on Unix

From: Rory (nazgul@csn.ul.ie)
Date: 10/27/01


Date: Sat, 27 Oct 2001 00:48:47 +0100 (IST)
From: Rory <nazgul@csn.ul.ie>
To: <hamlet_av@ciaoweb.it>
Subject: Re: Certificate logon on Unix
Message-ID: <Pine.LNX.4.32.0110270035340.1662-100000@skynet>

If you are just doing server-side authentication then all you need to do
is store the cert on the server and distribute the CA public key to all
the clients so they trust the cert that the server presents. The CA public
key can be stored in the user's directory and the worst thing that will
happen is that someone will change the CA in the user directory and the
clients will stop trusting the server. Playing with the permissions on the
CA will prolly help mitigate the chances of this happening.

It all depends on what you are trying to achieve with these certs.

Do you need/want client-side authentication, or just to make sure the clients
know who they are connecting to, or does the server need to know who is
connecting to it?

Are you looking for a package to do this or to write it yourself?

Are you going to make your own CA or pay for a recognised CA? (If you are
controlling both client and server I see no reason to get a recognised CA,
but you will have to do more that way, CRLs and the like.)

If you could give a bit more information about what you are trying to
achieve that would help.

On Fri, 26 Oct 2001 hamlet_av@ciaoweb.it wrote:

> Hi, all
> I would like to use an X.509 certificate to log on to a Unix workstation but it seems there are no
> COTS products available for this.
> Do you have any information about this?
> Where do you think I have to store the certificate? a smart card or in the user directory?
>
> thanks for any input
>
> hamlet

-- 
----Rory
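
Added example, not part of the original message: a Python check that a CA file kept in a user's directory has safe ownership and permissions before a client loads it as its only trust anchor. The function names and the rule that only root or the current user may own the file are assumptions made for this sketch.

```python
import os
import ssl
import stat
import sys

WRITABLE_BY_OTHERS = stat.S_IWGRP | stat.S_IWOTH


def audit_ca_file(path, trusted_uids=None):
    """Return (problems, pem_text) for a CA file used as a trust anchor."""
    if trusted_uids is None:
        trusted_uids = {0, os.getuid()}  # assumption: root or the user only
    problems = []
    # Whoever can write to the containing directory can rename another CA
    # file into place, so the directory is checked as well as the file.
    parent = os.path.dirname(os.path.abspath(path))
    dst = os.stat(parent)
    if dst.st_uid not in trusted_uids:
        problems.append(f"{parent}: directory owned by uid {dst.st_uid}")
    if dst.st_mode & WRITABLE_BY_OTHERS and not dst.st_mode & stat.S_ISVTX:
        problems.append(f"{parent}: directory writable by group or others")
    # O_NOFOLLOW rejects a symlink. fstat() and read() share one descriptor,
    # so the file that was checked is the file whose contents are returned.
    fd = os.open(path, os.O_RDONLY | os.O_NOFOLLOW | os.O_NONBLOCK)
    with os.fdopen(fd, "r", encoding="ascii") as fh:
        fst = os.fstat(fh.fileno())
        if not stat.S_ISREG(fst.st_mode):
            problems.append(f"{path}: not a regular file")
            return problems, ""
        if fst.st_uid not in trusted_uids:
            problems.append(f"{path}: owned by uid {fst.st_uid}")
        if fst.st_mode & WRITABLE_BY_OTHERS:
            problems.append(f"{path}: writable by group or others")
        pem = fh.read()
    return problems, pem


def client_context(ca_path):
    """Build a TLS client context that trusts only the audited CA."""
    problems, pem = audit_ca_file(ca_path)
    if problems:
        raise PermissionError("; ".join(problems))
    # With cadata supplied, the system trust store is not loaded.
    return ssl.create_default_context(ssl.Purpose.SERVER_AUTH, cadata=pem)


if __name__ == "__main__" and len(sys.argv) == 2:
    for line in audit_ca_file(sys.argv[1])[0] or ["no problems found"]:
        print(line)
```

Only the file and its immediate parent directory are examined; directories further up the path are not.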


