[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: ppolicy and others attributes

On Wednesday, 6 June 2007, RaphaÃl 'SurcouF' Bordet wrote:
> Hi,
>  Can we use ppolicy with another attribut than userPassword,
> userCertificate by example ?

That wouldn't make sense, as:
-certificates have expiry times
-if you want to prevent use of the certificate before the expiry time, revoke 
it (and ensure the updated CRL is available whereever you need it)
-you can
-you can't change a certificate via exop (and they key should never cross the 
wire anyway)

Or, are you really looking for a PKI that can store data in  LDAP?

Buchan Milne
ISP Systems Specialist - Monitoring/Authentication Team Leader

Attachment: pgp1CuX3lm7gf.pgp
Description: PGP signature