Introduction to Policy
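Be aware that if the same name is in an HTTP form input and in the authentication token (authentication result), the authentication result can override the HTTP form input. For example, if email is in an HTTP input and an authentication module also puts email in the authentication result (that is, authtoken), the email value from the authentication module will override the email value from the HTTP input in the request. A predicate using email in an expression will be evaluated to the value from the authentication instead of the HTTP input value.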
The following are sample predicates:
HTTP_PARAMS.certType==client AND HTTP_PARAMS.ou==Engineering
HTTP_PARAMS.certType==server AND HTTP_PARAMS.o==Netscape OR HTTP_PARAMS.certType==ca
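The override rule and the predicate form described above, modelled as an added example (this is not code from CMS or from this guide). It assumes that "==" is the only comparison, that AND binds tighter than OR, and that names are written without the HTTP_PARAMS. prefix, because the page does not say how the prefix interacts with the override; all function names and sample values are hypothetical.

```python
# Added illustration, not CMS code: a toy model of the precedence rule above.
# Assumptions: "==" is the only operator, AND binds tighter than OR, and
# attribute names are unprefixed. All names here are hypothetical.

def merge_request(form_input, authtoken):
    """Build the attribute view a predicate sees, tagging each value's source."""
    view = {name: (value, "form") for name, value in form_input.items()}
    # Same name in both: the authentication result replaces the form value.
    view.update({name: (value, "authtoken") for name, value in authtoken.items()})
    return view

def evaluate(predicate, view):
    """Return (result, sources); sources maps each attribute used to its origin."""
    sources = {}

    def term(text):
        name, expected = (part.strip() for part in text.split("==", 1))
        value, origin = view.get(name, (None, "missing"))
        sources[name] = origin
        return value == expected

    # Lists (not generators) so every term is evaluated and recorded in sources.
    result = any([all([term(t) for t in clause.split(" AND ")])
                  for clause in predicate.split(" OR ")])
    return result, sources

def requester_controlled(sources):
    """Attributes whose value came from the end entity's form alone."""
    return sorted(name for name, origin in sources.items() if origin == "form")

# Constructed sample: the form carries a different email than the one the
# authentication module returned for the authenticated end entity.
FORM = {"certType": "client", "ou": "Engineering", "email": "admin@example.com"}
AUTHTOKEN = {"email": "jdoe@example.com"}

if __name__ == "__main__":
    view = merge_request(FORM, AUTHTOKEN)
    for predicate in ("certType==client AND email==admin@example.com",
                      "certType==client AND email==jdoe@example.com",
                      "certType==client AND ou==Engineering"):
        result, sources = evaluate(predicate, view)
        print(predicate, "->", result, "| form-only:", requester_controlled(sources))
```

The form-only list shows which attributes in a predicate still take their value from the submitted form, which is the part of a predicate to review when it gates a policy.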
Attributes for Predicates
Attributes for predicates can come from any of the following:
• Input form—that is, the HTML form that end entities use for submitting certificate requests.
• Authentication token—what the authentication subsystem returns after successfully authenticating an end entity.
• A service—for example, a Certificate Manager, Registration Manager, or Data Recovery Manager service can add certain attributes to the end-entity request.
• Policy processor—what the policy subsystem returns after subjecting the end-entity request to policy checking. For example, an extension-based policy can set an appropriate extension in the certificate.
Table 18-2 lists default attributes that are supported by various request object
implementations.
Table 18-2 Attributes supported by request object implementations

Default attributes from an input form:

Request type: Enrollment
Variable name: requestFormat
Description: Specifies the certificate request format. Default values include the following:
• keygen
• pkcs10
• clientAuth

564 Netscape Certificate Management System Installation and Setup Guide • May 2002