Using digital certificates for authorization by proxy in OS Linux
Prikladnaya Diskretnaya Matematika. Supplement, no. 7 (2014), pp. 94-96
Cet article a éte moissonné depuis la source Math-Net.Ru
In this paper, a solution for delegation of some set of rights from one user (delegator) to another (proxy user) for a fixed time period is proposed. For this goal, it is offered to use “proxies”. “Proxy” is an object containing the following fields: delegator's identifier, proxy user's identifier, time period (set by delegator), list of delegated rights, and delegator's digital signature. This solution is implemented for OS Linux using OpenSSL cryptographic toolkit and pluggable authentication modules (PAM). The object “proxy” is designed as X.509 v3 certificate, and the delegated rights are specified at the field of certificate extensions. Authorization by proxy is implemented as PAM module.
Keywords:
electronic certificates, PAM, OpenSSL, authorization by proxy.
Mots-clés : X.509, Linux
Mots-clés : X.509, Linux
@article{PDMA_2014_7_a40,
author = {V. I. Ryzhkov},
title = {Using digital certificates for authorization by proxy in {OS} {Linux}},
journal = {Prikladnaya Diskretnaya Matematika. Supplement},
pages = {94--96},
year = {2014},
number = {7},
language = {ru},
url = {http://geodesic.mathdoc.fr/item/PDMA_2014_7_a40/}
}
V. I. Ryzhkov. Using digital certificates for authorization by proxy in OS Linux. Prikladnaya Diskretnaya Matematika. Supplement, no. 7 (2014), pp. 94-96. http://geodesic.mathdoc.fr/item/PDMA_2014_7_a40/
[1] RFC 5280: Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile, http://www.ietf.org/rfc/rfc5280.txt
[2] OpenSSL: The Open Source toolkit for SSL/TLS, http://www.openssl.org/
[3] A Linux-PAM page, http://www.linux-pam.org/