Hello,
I am using SSSD with LDAP directory which provides public keys for each user entry to
SSSD.
I am not sure if it is possible to configure SSSD not just to accept the private key
(provided by the user during the login) and authenticate the user from LDAP (where his
public ke is stored), but also to check the:
- trust (validation of the CA used for signing the user's certificate i.e. public
key)
- validity of a user certificate with its public key (its "from" -
"to" dates)
- revocation status (configuration of SSSD with CRL lists or OCSP)
or should I manage this on the LDAP side or on application level or somewhere else?
I would be grateful if you share your ideas about the possible solutions of this
situation!
BR,
Hristina
Show replies by date