set pki authorization username attribute

Use this command to configure a dynamically extracted username from the X.509 certificate subject field.

Syntax

set pki authorization username attribute attribute [prefix prefix] [match expression] [suffix suffix]

Parameters

attribute         Specifies the distinguished name attribute to extract from the X.509 certificate subject field. Valid values are supported long names, short names, or OIDs.
prefix prefix     Specifies a fixed string to prefix to the username.
match expression  Specifies a regular expression to dynamically apply to the extracted attribute.
suffix suffix     Specifies a fixed string to suffix to the username.

Defaults

None.

Mode

All command modes with admin privilege.

Usage

This command allows each user to have their own set of authorization credentials based upon a specified distinguished name attribute extracted from the X.509 certificate subject field. The distinguished name attribute can be specified as a long name, a short name, or an OID. The table X.509 Subject Field Distinguished Name Attributes lists the supported distinguished name attributes.


X.509 Subject Field Distinguished Name Attributes

Attribute                 Long Name               Short Name  OID
Country Name              countryName             C           2.5.4.6
Organization Name         organizationName        O           2.5.4.10
Organizational Unit Name  organizationalUnitName  OU          2.5.4.11
Common Name               commonName              CN          2.5.4.3

The username can be prefixed with a fixed string. For example, if the value of the distinguished name attribute is Extremenetworks and the specified prefix is foo, the extracted username will be fooExtremenetworks.

In some instances it may be desirable to use only a subset of the extracted attribute, rather than the entire attribute verbatim. The match option applies a regular expression to the extracted attribute dynamically. The characters matched by the expression are used as the username.

The username can be suffixed with a fixed string. For example, if the value of the distinguished name attribute is US and the specified suffix is bar, the extracted username will be USbar.

Examples

This example shows how to set the username to the organization name in the X.509 certificate subject field:

System(su)-> set pki authorization username attribute organizationName
System(su)->

This example shows how to match only the final 10 digits in a dotted notation name (doe.james.m.0123456789) and append @army.mil to the extracted digits for an extracted username of 0123456789@army.mil:

System(su)-> set pki authorization username attribute commonName match "[^.]*$" suffix "@army.mil"
System(su)->
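
The prefix, match, and suffix mapping described above can be modelled offline to check which usernames an expression yields before it is configured. This is an added example, not the switch vendor's code. The names derive_username, audit, and SAMPLES are hypothetical, and it assumes the switch's regular-expression behaviour resembles Python's re.search with the first match used. It shows that [^.]*$ accepts whatever follows the last dot, while a stricter expression such as [0-9]{10}$ yields a username only for ten trailing digits.

```python
import re

# Short-name and OID aliases from the page's attribute table, keyed to long names.
ALIASES = {
    "C": "countryName", "2.5.4.6": "countryName",
    "O": "organizationName", "2.5.4.10": "organizationName",
    "OU": "organizationalUnitName", "2.5.4.11": "organizationalUnitName",
    "CN": "commonName", "2.5.4.3": "commonName",
}


def derive_username(subject, attribute, prefix="", match=None, suffix=""):
    """Model of the documented mapping: prefix + (matched) attribute value + suffix.

    `subject` is a dict of long attribute name -> value (constructed input).
    Returns None when the attribute is absent or the expression matches
    nothing usable; what the switch does in those cases is not stated on the
    page, so treating them as "no username" is an assumption.
    """
    value = subject.get(ALIASES.get(attribute, attribute))
    if value is None:
        return None
    if match is not None:
        found = re.search(match, value)
        if found is None or found.group(0) == "":
            return None
        value = found.group(0)
    return f"{prefix}{value}{suffix}"


def audit(expression, common_names, suffix="@army.mil"):
    """Map each sample CN to the username the expression would produce."""
    return {cn: derive_username({"commonName": cn}, "CN", match=expression, suffix=suffix)
            for cn in common_names}


# Constructed sample CNs: the page's own example plus three malformed ones.
SAMPLES = ["doe.james.m.0123456789", "doe.james.m.contractor", "jdoe", "doe.james.m."]

if __name__ == "__main__":
    for expr in (r"[^.]*$", r"[0-9]{10}$"):   # page's expression, then a stricter one
        print(expr)
        for cn, user in audit(expr, SAMPLES).items():
            print(f"  {cn!r:28} -> {user!r}")
```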