Hi David,
[log in to unmask] wrote:
>Hi Sophie
>my question is, in the myproxy.conf what is the difference between
>having only
>accepted_credentials "/*"
>
>
I don't know myproxy configuration.
Here, you have, for me, a strange list. This list of credential contents
subjects of certificate of CA and sub-CAs and subjects of certificates
issued by CA (or sub-CA).
What I know is why we have "/* " in the signing-policy.conf of the CNRS
Datagrid-fr CA:
because it's a "old" CA issuing certificates with subject with no root
subject.
>and having all of this
>accepted_credentials "/C=TW/*"
>
>
^-- I hope, you're accepting all subjects starting with "/C=TW/*" issued
by the Taiwan CA !! not certificates issued by other CAs with this same
subject..
>accepted_credentials "/C=CN/O=IHEP/OU=CC/*"
>accepted_credentials "/C=AM/O=ArmeSFo/*"
>accepted_credentials "/C=BE/O=BELNET/OU=BEGrid/CN=BEGrid
>[log in to unmask]"
>accepted_credentials "/C=BE/O=BEGRID/*"
>accepted_credentials "/C=BE/O=BELNET/OU=BEGrid/CN=BEGrid
>[log in to unmask]"
>
>
^----- This is the subject of the Belgian CA
>accepted_credentials "/C=BE/O=BEGRID/*"
>
>
^----- This is the start of subject certificates issued by Belgian CA
>accepted_credentials "/C=CH/O=CERN/OU=GRID/*"
>accepted_credentials "/C=FR/O=CNRS/CN=CNRS-Projets"
>
>
^---- this is the subject of our CNRS sub-CA. Only CNRS-Projets sub-CA
has this subject
>accepted_credentials "/C=FR/O=CNRS/CN=CNRS"
>
>
^---- This is the subject of the root CNRS CA. Only Root CNRS CA has
this subject
>accepted_credentials "/C=FR/O=CNRS/CN=Datagrid-fr"
>
>
^---- this is the subject of our CNRS sub-CA. Only CNRS Datagrid-fr
sub-CA has this subject
>accepted_credentials "/C=FR/O=CNRS/CN=GRID-FR"
>
>
^---- Again, this is the subject of our new CNRS sub-CA. Only CNRS
GRID-FR sub-CA has this subject
>accepted_credentials "/C=FR/O=CNRS/CN=CNRS-Projets"
>
>
^---- Same
>accepted_credentials "/*" <===================================
>
>
^----- Subjects issued by Datagrid-fr CA
>accepted_credentials "/O=GRID-FR/*"
>
>
^----- Subjects issued by GRID-FR CA
>accepted_credentials "/C=CY/O=CyGrid/*"
>accepted_credentials "/C=CY/O=CyGrid/*"
>accepted_credentials "/DC=org/DC=DOEGrids/OU=Certificate Authorities/*"
>
>
Bye
Sophie
>etc.
>
>cheers
>Mario
>
>
>
|