Red Hat CERTIFICATE SYSTEM 7.1 - ADMINISTRATOR Administrator's Manual page 466


Introduction to Policy
AndExpression is equal to: Expression AND Expression
OrExpression is equal to: Expression OR Expression
In an expression, the AND operator takes precedence over an OR operator. For example, the expression
HTTP_PARAMS.certType==client AND HTTP_PARAMS.ou==Engineering OR
HTTP_PARAMS.certType==ca
is interpreted as
(HTTP_PARAMS.certType==client AND HTTP_PARAMS.ou==Engineering) OR
HTTP_PARAMS.certType==ca
CS evaluates an expression based on the attributes in the request. The attributes are filled in by servlets from the HTTP input forms used for request submission. Some attributes, such as passwords typed in the form, are not stored in the request. Other attributes regarding the end entity, such as the user ID, are set on the request after successful authentication. The servlets also interpret the form content, for example, retrieving the key material out of the KEYGEN or PKCS #10 information and setting the key in the certificate content. They can also set additional attributes related to the certificate content on the request. In general, you can configure which attributes—for example, sensitive attributes such as passwords—should or shouldn't be stored in the request.
Note that all data related to an end entity is gathered at the servlet level and set on the request before the request is passed to the policy subsystem. The policy subsystem applies configured policy rules on the request, determines whether the request needs agent approval, performs constraint- and extension-specific checks on the request attributes, and then formulates the certificate content by adding the appropriate information, such as the validity period and extensions.
The expression queries the request for the attributes, compares the value returned with the value provided in the predicate, and returns a boolean result.
Be aware that if the same name is in an HTTP form input and authentication token (authentication result), the authentication result can override the HTTP form input. For example, if email is in an HTTP input and an authentication module also puts email in the authentication result (that is, authtoken), the email value from the authentication module will override the email value from the HTTP input in the request. A predicate using email in an expression will be evaluated to the value of the authentication instead of the HTTP input value.
The following are sample predicates:
HTTP_PARAMS.certType==client AND HTTP_PARAMS.ou==Engineering
HTTP_PARAMS.certType==server AND HTTP_PARAMS.o==Netscape OR
HTTP_PARAMS.certType==ca
Red Hat Certificate System Administrator's Guide • September 2005
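
The precedence rule and the authentication-result override described on this page, as an added Python sketch; it is not Certificate System code. The function names, the flat request dictionary, the bare-name copy of form fields and the sample values are all assumptions made for illustration.

```python
import re

# Added illustration, not Certificate System code; every name here is hypothetical.
UNSTORED = {"password"}  # assumed set of form fields that are never stored

def build_request(http_params, auth_token=None):
    """Servlet step: copy form inputs onto the request, then apply the
    authentication result, which wins when both carry the same name."""
    request = {}
    for name, value in http_params.items():
        if name in UNSTORED:
            continue  # e.g. a password typed in the form
        request["HTTP_PARAMS." + name] = value
        request[name] = value  # assumed: form fields are also visible by bare name
    for name, value in (auth_token or {}).items():
        request[name] = value  # authtoken value overrides the form value
    return request

def _simple(predicate, request):
    """Evaluate one attribute==value comparison against the request."""
    attr, sep, expected = predicate.partition("==")
    if not sep or not attr.strip():
        raise ValueError("expected attribute==value, got %r" % predicate)
    return request.get(attr.strip()) == expected.strip()

def evaluate(expression, request):
    """Split on OR first and AND second, so AND binds tighter than OR."""
    return any(
        all(_simple(term, request) for term in re.split(r"\s+AND\s+", group))
        for group in re.split(r"\s+OR\s+", expression.strip())
    )

RULE = ("HTTP_PARAMS.certType==client AND HTTP_PARAMS.ou==Engineering OR "
        "HTTP_PARAMS.certType==ca")

# Constructed sample requests.
CA_SALES = build_request({"certType": "ca", "ou": "Sales"})
CLIENT_SALES = build_request({"certType": "client", "ou": "Sales"})
CLAIMED = build_request(
    {"certType": "client", "email": "admin@example.com", "password": "hunter2"},
    auth_token={"email": "jdoe@example.com"},
)

if __name__ == "__main__":
    print(evaluate(RULE, CA_SALES))      # OR branch matches whatever the ou is
    print(evaluate(RULE, CLIENT_SALES))  # AND branch fails, OR branch fails
    print(evaluate("email==admin@example.com", CLAIMED))  # form value was overridden
```

When reviewing a policy predicate, read every OR branch as a rule of its own: here the ou restriction applies only to client requests, so a ca request from any ou satisfies the expression.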
