author | Timothy Pearson <[email protected]> | 2015-08-31 23:11:58 +0000 |
---|---|---|
committer | Timothy Pearson <[email protected]> | 2015-08-31 23:11:58 +0000 |
commit | 18c4c3789722d6ebbf8b0bb8ce86a508d2aea2c5 (patch) | |
tree | 1c291b60a661e6ddbb115dc7af4d50de49c1743a /confskel | |
parent | 4df015f3265e825cf1375f8a68b3f096d56d084d (diff) | |
Use tdeldap library PKI certificate generation methods
Diffstat (limited to 'confskel')
-rw-r--r-- | confskel/Makefile.am | 3 | ||||
-rw-r--r-- | confskel/openssl/pki_extensions | 61 |
2 files changed, 0 insertions, 64 deletions
diff --git a/confskel/Makefile.am b/confskel/Makefile.am
index 42f25a9..2f5fe92 100644
--- a/confskel/Makefile.am
+++ b/confskel/Makefile.am
@@ -14,6 +14,3 @@ ldapldifskel_DATA = openldap/ldif/*
 saslskeldir = $(confskeldir)/sasl
 saslskel_DATA = sasl/*
-
-sslskeldir = $(confskeldir)/openssl
-sslskel_DATA = openssl/*
\ No newline at end of file
diff --git a/confskel/openssl/pki_extensions b/confskel/openssl/pki_extensions
deleted file mode 100644
index d841890..0000000
--- a/confskel/openssl/pki_extensions
+++ /dev/null
@@ -1,61 +0,0 @@
-[ kdc_cert ]
-basicConstraints=CA:FALSE
-
-# Here are some examples of the usage of nsCertType. If it is omitted
-keyUsage = nonRepudiation, digitalSignature, keyEncipherment, keyAgreement
-
-#Pkinit EKU
-extendedKeyUsage = 1.3.6.1.5.2.3.5
-
-subjectKeyIdentifier=hash
-authorityKeyIdentifier=keyid,issuer
-
-# Copy subject details
-
-issuerAltName=issuer:copy
-
-# Add id-pkinit-san (pkinit subjectAlternativeName)
-subjectAltName=otherName:1.3.6.1.5.2.2;SEQUENCE:kdc_princ_name
-
-[kdc_princ_name]
-realm = EXP:0, GeneralString:@@@REALM_UCNAME@@@
-principal_name = EXP:1, SEQUENCE:kdc_principal_seq
-
-[kdc_principal_seq]
-name_type = EXP:0, INTEGER:1
-name_string = EXP:1, SEQUENCE:kdc_principals
-
-[kdc_principals]
-princ1 = GeneralString:krbtgt
-princ2 = GeneralString:@@@REALM_UCNAME@@@
-
-[ client_cert ]
-
-# These extensions are added when 'ca' signs a request.
-
-basicConstraints=CA:FALSE
-
-keyUsage = digitalSignature, keyEncipherment, keyAgreement
-
-extendedKeyUsage = 1.3.6.1.5.2.3.4
-subjectKeyIdentifier=hash
-authorityKeyIdentifier=keyid,issuer
-
-
-subjectAltName=otherName:1.3.6.1.5.2.2;SEQUENCE:princ_name
-
-
-# Copy subject details
-
-issuerAltName=issuer:copy
-
-[princ_name]
-realm = EXP:0, GeneralString:@@@REALM_UCNAME@@@
-principal_name = EXP:1, SEQUENCE:principal_seq
-
-[principal_seq]
-name_type = EXP:0, INTEGER:1
-name_string = EXP:1, SEQUENCE:principals
-
-[principals]
-princ1 = GeneralString:@@@KDCSERVER@@@ |