[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: FW: isakmpd AND NOT policy

To: Pepijn Vissers <vissers@fox-it.com>
Subject: Re: FW: isakmpd AND NOT policy
From: "Angelos D. Keromytis" <angelos@cs.columbia.edu>
Date: Fri, 05 Oct 2001 13:53:18 -0400
Cc: "'tech@openbsd.org'" <tech@openbsd.org>

In message <D58D3E1961C58043BD828065D12E49951D6D1A@foxserver>, Pepijn Vissers w
rites:
>
>Could well be because i'm no regexp hero. Could you 
>point me to what is wrong in the next statement?
>
>Conditions:     app_domain == "IPsec policy"
>                && esp_present == "yes"
>                &&  _ACTION_AUTHORIZERS != "DN:/L=Den Haag/C=NL/OU=Roaming
>User 001/Email=vissers@fox-it.com/CN=Roaming user
>001/D=PGPKeyCreation=0x3b98b9da"
>                 -> "true";
>
>
>I think I use _ACTION_AUTHORIZERS the wrong way. 

Yes. _ACTION_AUTHORIZERS is initialized to a comma-separated list of all the
action authorizers associated with a request. In the case of X509 certificates,
this would be the key and the DN from the peer's certificate. That's why
you need to use a regexp.
-Angelos

References:
- RE: FW: isakmpd AND NOT policy
  - From: Pepijn Vissers <vissers@fox-it.com>

Prev by Date: Re: booting external scsi disk on my sparc lx
Next by Date: 3.0-beta transition problem for mini-faq
Prev by thread: RE: FW: isakmpd AND NOT policy
Next by thread: proc filesystem output hosed
Index(es):
- Date
- Thread