Re: Distinguished NAMES for PPPL - National Collab

From: Mary Thompson (mrthompson@lbl.gov)
Date: Tue Nov 27 2001 - 11:55:09 PST


Lew Randerson wrote:

> Are these the proper Distinguished Names for
> PPPL - Fusion Collab?
>
> Base DN for host certificates
> [ O=Grid O=National Fusion Collaboratory ]
> Base DN for user certificates
> [ OU=pppl.gov O=PPPL O=Grid ]
>

Lew,
  That is the model that we have been using for the host certificates,
where the only other component is CN=host/fully.qualified.domainname

I would suggest using the same base for users as well, and then
optionally adding an OU for the user's real organization.

  Currently the LBNL-Grid-CA is configured to issue user certificates
with O=Grid,O=National Fusion Collaboratory,OU=PPPL
That means you can get those values off the pull-down menus at
https://idcg-ca/ (You don't actually see the O=Grid part, that is done
behind the scene.)

Then you need an entry in the CA-signing-policy that the LBNL-Grid-CA can
sign for "/O=Grid/O=National Fusion Collaboratory/*"

Mary

---------------------------------------------------------------------
Mary R. Thompson <MRThompson@lbl.gov>
Distributed Security Research Group (510) 486-7408
Lawrence Berkeley National Lab http://www-itg.lbl.gov/~mrt
----------------------------------------------------------------------
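
Added example, not part of the original message and not the CA's or any grid toolkit's own code: a check of certificate subject DNs against the namespace pattern quoted above, the kind of test a relying party applies before trusting a certificate signed by the CA. It assumes the trailing /* stands for one or more further DN components; the sample subjects, user name and host name are constructed.

```python
import re

# Namespace pattern quoted in the message above.
POLICY_PATTERN = "/O=Grid/O=National Fusion Collaboratory/*"

def components(dn):
    """Split a DN into (TYPE, value) pairs, in the order written.

    Accepts slash form (/O=a/OU=b) or comma form (O=a,OU=b). A separator
    only counts when an ATTR= follows it, so the host CN
    'host/fully.qualified.domainname' stays one component.
    """
    dn = dn.strip()
    sep = "/" if dn.startswith("/") else ","
    parts = re.split(re.escape(sep) + r"\s*(?=[A-Za-z]+=)", dn.lstrip("/"))
    pairs = []
    for part in parts:
        attr, _, value = part.partition("=")
        pairs.append((attr.strip().upper(), value.strip()))
    return pairs

def in_namespace(subject_dn, pattern=POLICY_PATTERN):
    """True if subject_dn sits under the pattern's base DN.

    Assumption: the trailing /* stands for one or more further components.
    """
    if not pattern.endswith("/*"):
        raise ValueError("only trailing-wildcard patterns are handled here")
    base = components(pattern[:-2])
    subject = components(subject_dn)
    # Compare whole components, not string prefixes, and require at least
    # one component below the base.
    return len(subject) > len(base) and subject[:len(base)] == base

# Constructed sample subjects; the names and hosts are made up.
SAMPLES = [
    "/O=Grid/O=National Fusion Collaboratory/CN=host/node1.example.org",
    "O=Grid,O=National Fusion Collaboratory,OU=PPPL,CN=Example User",
    "/O=Grid/O=PPPL/OU=pppl.gov/CN=Example User",
    "/O=Grid/O=National Fusion Collaboratory",
]

if __name__ == "__main__":
    for dn in SAMPLES:
        print("accept" if in_namespace(dn) else "reject", dn)
```

A user DN built on a different base, such as the third sample, falls outside the pattern and would need its own policy entry.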




This archive was generated by hypermail 2.1.1 : Thu Feb 07 2002 - 15:40:41 PST