author: Jack Magne <jmagne@dhcp-16-206.sjc.redhat.com> 2016-06-24 11:02:35 -0700
committer: Jack Magne <jmagne@dhcp-16-206.sjc.redhat.com> 2016-06-30 14:44:50 -0700
commit: e326cd2f06bd651cdd87646eea94622e18cec28d
tree: ebcfdfebd26f7098d67dccae9ceccaff5e95d2f5 /base/tps/shared
parent: 63a58cf51ef2982e8a35eff1f98dd42453e5681e
Add ability to disallow TPS to enroll a single user on multiple tokens.
This patch will install a check during the early portion of the enrollment process to check a configurable policy whether or not a user should be allowed to have more than one active token. This check will take place only for brand new tokens not seen before. The check will prevent the enrollment to proceed and will exit before the system has a chance to add this new token to the TPS tokendb. The behavior will be configurable for the external reg and not external reg scenarios as follows:

tokendb.nonExternalReg.allowMultiActiveTokensUser=false
tokendb.enroll.externalReg.allowMultiActiveTokensUser=false
Diffstat (limited to 'base/tps/shared')
-rw-r--r-- base/tps/shared/conf/CS.cfg 3
1 files changed, 3 insertions, 0 deletions
diff --git a/base/tps/shared/conf/CS.cfg b/base/tps/shared/conf/CS.cfg
index 4f2b3919c..a8499a2b3 100644
--- a/base/tps/shared/conf/CS.cfg
+++ b/base/tps/shared/conf/CS.cfg
@@ -2169,6 +2169,9 @@ tokendb.ssl=false
tokendb.templateDir=[PKI_INSTANCE_PATH]/docroot/tus
tokendb.userBaseDN=[TOKENDB_ROOT]
tokendb.userDeleteTemplate=userDelete.template
+tokendb.nonExternalReg.allowMultiActiveTokensUser=false
+tokendb.externalReg.allowMultiActiveTokensUser=false
+
tps._000=########################################
tps._001=# For verifying system certificates
tps._002=# tps.cert.list=sslserver,subsystem,audit_signing
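Review bot: the second added key, `tokendb.externalReg.allowMultiActiveTokensUser`, does not match the name the commit message gives for the external reg case, `tokendb.enroll.externalReg.allowMultiActiveTokensUser`. Please confirm which spelling the enrollment check actually reads and correct the other, because an administrator who follows the commit message would otherwise set a key that differs from the one shipped in CS.cfg. Both keys are also added without any explanation in the file; a short comment stating that `false` refuses enrollment of a brand new token for a user who already has an active one would document the policy where it is configured. Finally, the added blank line before `tps._000` was not present between these two sections before this change; drop it unless it is meant as a separator.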