From 81fd42a1383272fed855e033b533d887d8f5de05 Mon Sep 17 00:00:00 2001
From: Andrew Wnuk <awnuk@redhat.com>
Date: Mon, 10 Dec 2012 16:36:59 -0800
Subject: authentication plugin

This patch provides authentication plugin avoiding anonymous access.
Steps to use the plugin:
https://wiki.idm.lab.bos.redhat.com/export/idmwiki/New_Directory_Authentication_Plugin

BZ 861467/ Trac #348.
---
 base/ca/shared/conf/CS.cfg.in                  | 1 +
 base/ca/shared/profiles/ca/caDirUserCert.cfg   | 2 +-
 base/ca/shared/profiles/ca/caECDirUserCert.cfg | 2 +-
 3 files changed, 3 insertions(+), 2 deletions(-)

(limited to 'base/ca')

diff --git a/base/ca/shared/conf/CS.cfg.in b/base/ca/shared/conf/CS.cfg.in
index 69d98e3dc..0ec7ace87 100644
--- a/base/ca/shared/conf/CS.cfg.in
+++ b/base/ca/shared/conf/CS.cfg.in
@@ -174,6 +174,7 @@ auths.impl.UdnPwdDirAuth.class=com.netscape.cms.authentication.UdnPwdDirAuthenti
 auths.impl.UidPwdDirAuth.class=com.netscape.cms.authentication.UidPwdDirAuthentication
 auths.impl.UidPwdPinDirAuth.class=com.netscape.cms.authentication.UidPwdPinDirAuthentication
 auths.impl.UidPwdGroupDirAuth.class=com.netscape.cms.authentication.UidPwdGroupDirAuthentication
+auths.impl.UserPwdDirAuth.class=com.netscape.cms.authentication.UserPwdDirAuthentication
 auths.impl.TokenAuth.class=com.netscape.cms.authentication.TokenAuthentication
 auths.impl.FlatFileAuth.class=com.netscape.cms.authentication.FlatFileAuth
 auths.instance.TokenAuth.pluginName=TokenAuth
diff --git a/base/ca/shared/profiles/ca/caDirUserCert.cfg b/base/ca/shared/profiles/ca/caDirUserCert.cfg
index 8943bcf08..d18dbedf9 100644
--- a/base/ca/shared/profiles/ca/caDirUserCert.cfg
+++ b/base/ca/shared/profiles/ca/caDirUserCert.cfg
@@ -12,7 +12,7 @@ policyset.list=userCertSet
 policyset.userCertSet.list=1,10,2,3,4,5,6,7,8,9
 policyset.userCertSet.1.constraint.class_id=subjectNameConstraintImpl
 policyset.userCertSet.1.constraint.name=Subject Name Constraint
-policyset.userCertSet.1.constraint.params.pattern=UID=.*
+policyset.userCertSet.1.constraint.params.pattern=(UID|CN)=.*
 policyset.userCertSet.1.constraint.params.accept=true
 policyset.userCertSet.1.default.class_id=authTokenSubjectNameDefaultImpl
 policyset.userCertSet.1.default.name=Subject Name Default
diff --git a/base/ca/shared/profiles/ca/caECDirUserCert.cfg b/base/ca/shared/profiles/ca/caECDirUserCert.cfg
index 73907f547..da5047840 100644
--- a/base/ca/shared/profiles/ca/caECDirUserCert.cfg
+++ b/base/ca/shared/profiles/ca/caECDirUserCert.cfg
@@ -12,7 +12,7 @@ policyset.list=userCertSet
 policyset.userCertSet.list=1,10,2,3,4,5,6,7,8,9
 policyset.userCertSet.1.constraint.class_id=subjectNameConstraintImpl
 policyset.userCertSet.1.constraint.name=Subject Name Constraint
-policyset.userCertSet.1.constraint.params.pattern=UID=.*
+policyset.userCertSet.1.constraint.params.pattern=(UID|CN)=.*
 policyset.userCertSet.1.constraint.params.accept=true
 policyset.userCertSet.1.default.class_id=authTokenSubjectNameDefaultImpl
 policyset.userCertSet.1.default.name=Subject Name Default
-- 
cgit