Hi all, Darcy Quesnel wrote:
Has anyone replied to you about this?
My experience is that the globus patched version of openssl will interpret the "robert kilroy-" part as a wildcard and only treat silk as significant. I'm trying to remember if the space makes a difference - I don't think it does.
No, this implicit wildcard matching is only used when comparing host names, and is not in the code matching usernames in the gridmapfile (I just lloked at that piece of the code and there is nothing special in the gss_assist_gridmap call regarding dashes). So, the mapping will be unique and Mr. Kilroy-silk will be safe :-) Cheers, DavidG.
Darcy
Mike 'Mike' Jones wrote:
One question that I've just been asked is: "Does the hyphen in a in a CN (ss 3.2.3) affect user certificates in Globus installations?"
e.g. If I have "...CN=robert kilroy-silk" in my grid-mapfile and a I process an GSI connection with "CN=robert kilroy", will they get Mr kilroy-silk's account mapping?
Mike
-- caops-wg mailing list caops-wg@ogf.org http://www.ogf.org/mailman/listinfo/caops-wg
-- David Groep ** National Institute for Nuclear and High Energy Physics, PDP/Grid group ** ** Room: H1.56 Phone: +31 20 5922179, PObox 41882, NL-1009DB Amsterdam NL **