[16992] in Kerberos-V5-bugs


[krbdev.mit.edu #9154] Components of the X509_user_identity string

daemon@ATHENA.MIT.EDU (Sumit Bose via RT)
Tue Dec 10 12:57:00 2024

From: "Sumit Bose via RT" <rt-comment@kerborg-prod-app-1.mit.edu>
In-Reply-To: <Z1hRpxV62_lJiNIM@sbose.users.ipa.redhat.com>
Message-ID: <rt-4.4.3-2-3703137-1733853413-1863.9154-4-0@kerborg-prod-app-1.mit.edu>
To: "AdminCc of krbdev.mit.edu Ticket #9154":;
Date: Tue, 10 Dec 2024 12:56:53 -0500
MIME-Version: 1.0
Reply-To: rt-comment@kerborg-prod-app-1.mit.edu
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: krb5-bugs-bounces@mit.edu


Tue Dec 10 12:56:53 2024: Request 9154 was acted upon.
 Transaction: Ticket created by sbose@redhat.com
       Queue: krb5
     Subject: Components of the X509_user_identity string cannot contain ':'
       Owner: Nobody
  Requestors: sbose@redhat.com
      Status: new
 Ticket <URL: http://kerborg-prod-app-1.mit.edu/rt/Ticket/Display.html?id=9154 >


Hi,

Since ':' is used as a separator character and there is no way to escape
it, components of the X509_user_identity string used to identify a
certificate on a smartcard, e.g. 'token' or 'certlabel', cannot
contain a ':'.

It would be good to at least document this limitation. See
https://github.com/SSSD/sssd/issues/7746 for reference.

bye,
Sumit


_______________________________________________
krb5-bugs mailing list
krb5-bugs@mit.edu
https://mailman.mit.edu/mailman/listinfo/krb5-bugs
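
The limitation reported above, as an added example that is not part of the original message and is not krb5's own parser: a simplified model of a ':'-separated PKCS11 identity string, showing how a token label containing ':' is cut short, plus a builder that rejects such values up front. The names parse_ident and build_ident and the sample label are hypothetical and constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Simplified model of a ':'-separated identity string (assumption, NOT
 * krb5 code). Only the 'token' and 'certlabel' keys named in the report
 * are recognised; any other piece is counted as unknown. */
struct ident { char token[64]; char certlabel[64]; int unknown; };

static void parse_ident(const char *s, struct ident *out)
{
    char buf[256], *p, *next;

    memset(out, 0, sizeof(*out));
    if (strncmp(s, "PKCS11:", 7) != 0)
        return;
    snprintf(buf, sizeof(buf), "%s", s + 7);
    for (p = buf; p; p = next) {
        next = strchr(p, ':');          /* no escape syntax: every ':' splits */
        if (next)
            *next++ = '\0';
        if (strncmp(p, "token=", 6) == 0)
            snprintf(out->token, sizeof(out->token), "%s", p + 6);
        else if (strncmp(p, "certlabel=", 10) == 0)
            snprintf(out->certlabel, sizeof(out->certlabel), "%s", p + 10);
        else
            out->unknown++;             /* tail of a split label lands here */
    }
}

/* Build an identity string, refusing values the format cannot carry.
 * Returns 0 on success, -1 if a value contains ':' or does not fit. */
static int build_ident(char *dst, size_t n, const char *token,
                       const char *certlabel)
{
    int len;

    if (strchr(token, ':') || strchr(certlabel, ':'))
        return -1;
    len = snprintf(dst, n, "PKCS11:token=%s:certlabel=%s", token, certlabel);
    return (len < 0 || (size_t)len >= n) ? -1 : 0;
}

int main(void)
{
    struct ident id;
    /* Constructed sample: the token label itself contains a ':'. */
    parse_ident("PKCS11:token=Card:1 (PIV):certlabel=Auth", &id);
    printf("token='%s' certlabel='%s' unknown=%d\n",
           id.token, id.certlabel, id.unknown);
    return 0;
}
```

In this model the parsed token label is a prefix of the real one, so a caller that generates identity strings from card metadata should validate the components before concatenating them.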
