Darcy, Yes, there was a discussion about this at OGF19. It seems that it's only the hostname to certificate authentication cross check that uses this process, I was just worried that the same routines might be used in the grid-mapping of user certificates but this seems not to be the case. On the subject of wild cards, a number of browsers support the use of the asterisks as wild cards in the CN field of a DNS style CN. e.g. *.google.com; does this document need a comment to this effect? Thanks, Mike On Thu, 15 Mar 2007, David Groep wrote:
Hi all,
Darcy Quesnel wrote:
Has anyone replied to you about this?
My experience is that the globus patched version of openssl will interpret the "robert kilroy-" part as a wildcard and only treat silk as significant. I'm trying to remember if the space makes a difference - I don't think it does.
No, this implicit wildcard matching is only used when comparing host names, and is not in the code matching usernames in the gridmapfile (I just lloked at that piece of the code and there is nothing special in the gss_assist_gridmap call regarding dashes). So, the mapping will be unique and Mr. Kilroy-silk will be safe :-)
Cheers, DavidG.
Darcy
Mike 'Mike' Jones wrote:
One question that I've just been asked is: "Does the hyphen in a in a CN (ss 3.2.3) affect user certificates in Globus installations?"
e.g. If I have "...CN=robert kilroy-silk" in my grid-mapfile and a I process an GSI connection with "CN=robert kilroy", will they get Mr kilroy-silk's account mapping?
Mike
-- caops-wg mailing list caops-wg@ogf.org http://www.ogf.org/mailman/listinfo/caops-wg