[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: isakmpd AND NOT policy

To: Pepijn Vissers <vissers@fox-it.com>
Subject: Re: isakmpd AND NOT policy
From: Philipp Buehler <lists@fips.de>
Date: Wed, 3 Oct 2001 13:39:07 +0200
Cc: tech@openbsd.org
Mail-Followup-To: Pepijn Vissers <vissers@fox-it.com>,tech@openbsd.org
References: <D58D3E1961C58043BD828065D12E49951D6CED@foxserver>

On 03/10/2001, Pepijn Vissers <vissers@fox-it.com> wrote To 'tech@openbsd.org':
> Hi list,

Hi list-poster, :>

> certificate. Hence, I am trying to make a policy based on a logical
> NOT instead of the default ||. Below is what I want and what i have 
> accomplished. Ideas would be very welcome.

man 5 keynote ?

[has]
> authorizer: "ca"
> licensees:  "DN:/C=NL/ST=Noord Holland/L=Amsterdam/"
> conditions: app_domain == "IPsec policy" && esp_present == "yes" -> "true";

[wants]
> authorizer: "deny"
> licensees:  "DN:/OU=Roaming user 002/"

Ever thought about re-reading 'CONDITIONS FIELD' Section in keynote(5) ?
Just point the matching license w/ appr. to conditions to -> "false" instead
 -> "true" ?

Untested, but I think that's the rough point of "Ideas" :>

ciao
-- 
Philipp Buehler, aka fips | sysfive.com GmbH | BOfH | NUCH | <double-p> 

#1: Break the clue barrier!
#2: Already had buzzword confuseritis ?

References:
- isakmpd AND NOT policy
  - From: Pepijn Vissers <vissers@fox-it.com>

Prev by Date: isakmpd AND NOT policy
Next by Date: Re: pool_get must have NOWAIT panic
Prev by thread: isakmpd AND NOT policy
Next by thread: FW: isakmpd AND NOT policy
Index(es):
- Date
- Thread