Specifying a Single Authorization Username for the System

An X.509 certificate can contain information about the roles or privileges associated with the certificate. In practice, an individual's responsibilities may change over time, and it is cumbersome to revoke and re-issue certificates each time this happens. Specifying a fixed global authorization username instead allows the certificate content to be mapped to a local system user database or to a remote authentication protocol such as RADIUS. Once communication is established with the server requiring authentication, the user is interactively prompted for a password. The username and password combination is then presented to the authorization server.

Use the set pki authorization username command to restrict the system to a single specified authorization credential, which must be shared by all users.

The username can also be specified as an attribute, in which case the username is extracted dynamically from the subject field of the X.509 certificate. Use the set pki authorization username attribute command to specify an attribute-based username configuration.
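
The attribute-based mapping described above, as an added Python illustration rather than the device's own implementation or CLI syntax: it pulls one attribute out of an RFC 4514 subject string and refuses to map when the attribute is absent or appears more than once. The function names, the CN default, the fail-closed policy and the sample subjects are assumptions of this example; the page does not say which attributes the command accepts.

```python
import re

def split_unescaped(text, sep):
    """Split on sep, skipping separators that are backslash-escaped."""
    parts, buf, i = [], [], 0
    while i < len(text):
        if text[i] == "\\" and i + 1 < len(text):
            buf.append(text[i:i + 2])  # keep the escape pair for unescape()
            i += 2
            continue
        if text[i] == sep:
            parts.append("".join(buf))
            buf = []
        else:
            buf.append(text[i])
        i += 1
    parts.append("".join(buf))
    return parts

def unescape(value):
    """Resolve RFC 4514 escapes: backslash + char, or backslash + hex byte."""
    out, pos = bytearray(), 0
    for m in re.finditer(r"\\([0-9A-Fa-f]{2}|.)", value):
        out += value[pos:m.start()].encode()
        esc = m.group(1)
        out += bytes.fromhex(esc) if len(esc) == 2 else esc.encode()
        pos = m.end()
    out += value[pos:].encode()
    return out.decode("utf-8")

def username_from_subject(subject, attribute="CN"):
    """Return the single value of `attribute` in the subject, or fail closed."""
    matches = []
    for rdn in split_unescaped(subject, ","):
        for ava in split_unescaped(rdn, "+"):  # multi-valued RDN
            attr_type, eq, raw = ava.partition("=")
            if not eq:
                raise ValueError(f"malformed component: {ava!r}")
            if attr_type.strip().upper() == attribute.upper():
                matches.append(unescape(raw))
    if len(matches) != 1:  # absent or ambiguous: never guess an identity
        raise ValueError(f"{len(matches)} values for {attribute}")
    if not matches[0] or not matches[0].isprintable():
        raise ValueError("empty or non-printable username")
    return matches[0]

# Constructed subjects for illustration (not from any real certificate).
SAMPLE_OK = "CN=Smith\\, Jane,OU=NOC,O=Example Corp,C=US"
SAMPLE_AMBIGUOUS = "CN=alice,CN=admin,O=Example Corp"
```

Rejecting a subject with two values for the chosen attribute matters because the extracted string becomes the identity sent to the local database or RADIUS server; picking the first or last match silently would let certificate content decide which account is used.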