[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: FW: isakmpd AND NOT policy

To: Pepijn Vissers <vissers@fox-it.com>
Subject: Re: FW: isakmpd AND NOT policy
From: "Angelos D. Keromytis" <angelos@cs.columbia.edu>
Date: Wed, 03 Oct 2001 13:43:39 -0400
Cc: "'tech@openbsd.org'" <tech@openbsd.org>

In message <D58D3E1961C58043BD828065D12E49951D6CF9@foxserver>, Pepijn Vissers w
rites:
>
>Has anyone got an idea? Soooooooooooo close...

You can try _AUTHORIZERS, e.g.:

_AUTHORIZERS ~= "^DN:/...." || _AUTHORIZERS ~= ".*,DN:/...."

I don't see how this is going to help you though; you're assuming that
the user will present both X509 certificates (the one from the CA and the
one from the "deny") ?
-Angelos

References:
- FW: isakmpd AND NOT policy
  - From: Pepijn Vissers <vissers@fox-it.com>

Prev by Date: dc(4) patch resend
Next by Date: How current is my source tree?
Prev by thread: FW: isakmpd AND NOT policy
Next by thread: RE: FW: isakmpd AND NOT policy
Index(es):
- Date
- Thread