Bug 100392 - CRL support in LDAP module
Summary: CRL support in LDAP module
Keywords:
Status: CLOSED WONTFIX
Alias: None
Product: Stronghold Cross Platform
Classification: Retired
Component: mod_authz_ldap
Version: 4.0
Hardware: All
OS: Linux
Priority: medium
Severity: medium
Target Milestone: ---
Assignee: Joe Orton
QA Contact: Stronghold Engineering List
URL:
Whiteboard:
Depends On:
Blocks:
Reported: 2003-07-21 22:39 UTC by Lorrayne Schaefer
Modified: 2007-04-18 16:55 UTC (History)

Fixed In Version:
Clone Of:
Environment:
Last Closed: 2006-09-05 14:07:21 UTC
Embargoed:



Description Lorrayne Schaefer 2003-07-21 22:39:36 UTC
Chris Runge asked me to open a formal Request For Enhancement (RFE) in this area for consideration in a future version of the product.

Here's what I'm thinking for CRL support (this is a bit beyond the mod_authz_ldap module, but some of Chris' questions extend to the web server):

* Server periodically fetches the CRL (the times for fetching of the CRL are a configurable option in the config file).
* The CRL is cached locally for performance.
* Have a configurable option in the config file that specifies what format the CRL is stored in the directory (default format is DER).
* Provide a configurable CRL grace period that will extend beyond the CRL's NextUpdate in either seconds or minutes. Please make this a long integer.
* Provide support in following the CRL Distribution Point (if present in the End Entity or CA certificate).
* For CRL retrieval, allow support for ldap://, http://, https://, and file://.
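
The cache policy requested above (periodic refetch, a grace period past NextUpdate, a scheme allowlist for retrieval) can be sketched as follows. This is an added example, not part of the original report and not Stronghold or mod_authz_ldap code; every name in it is hypothetical, the sample CRL is constructed, and treating a CRL past its grace period as "unknown" (so the caller denies access) is an assumption of this sketch.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"ldap", "http", "https", "file"}  # schemes listed in the request

@dataclass
class CachedCrl:  # hypothetical cache entry, filled in after parsing a fetched CRL
    url: str
    this_update: datetime
    next_update: datetime
    fetched_at: datetime
    revoked_serials: frozenset = field(default_factory=frozenset)

def check_crl_url(url):
    """Reject distribution-point URLs whose scheme is not on the allowlist."""
    scheme = urlsplit(url).scheme.lower()
    if scheme not in ALLOWED_SCHEMES:
        raise ValueError(f"unsupported CRL scheme: {scheme!r}")
    return scheme

def crl_state(crl, now, grace_seconds):
    """Classify a cached CRL as 'current', 'grace', 'expired' or 'not_yet_valid'."""
    if now < crl.this_update:
        return "not_yet_valid"
    if now <= crl.next_update:
        return "current"
    if now <= crl.next_update + timedelta(seconds=grace_seconds):
        return "grace"  # past NextUpdate but inside the configured grace period
    return "expired"

def needs_fetch(crl, now, fetch_interval_seconds):
    """Refetch on the configured interval, or as soon as NextUpdate has passed."""
    due = crl.fetched_at + timedelta(seconds=fetch_interval_seconds)
    return now >= due or now > crl.next_update

def check_serial(crl, serial, now, grace_seconds):
    """Return 'revoked', 'good', or 'unknown' (no usable CRL; assumed: caller denies)."""
    if crl_state(crl, now, grace_seconds) in ("expired", "not_yet_valid"):
        return "unknown"
    return "revoked" if serial in crl.revoked_serials else "good"

# Constructed sample data: a CRL valid for 24 hours listing one revoked serial.
T0 = datetime(2003, 7, 21, 0, 0, tzinfo=timezone.utc)
SAMPLE = CachedCrl(
    url="ldap://ldap.example.com/cn=ExampleCA?certificateRevocationList;binary",
    this_update=T0, next_update=T0 + timedelta(hours=24),
    fetched_at=T0, revoked_serials=frozenset({0x1A2B}),
)
```
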

Comment 1 Joe Orton 2006-09-05 14:07:21 UTC
Stronghold 4.0 Cross Platform reached End of Life as of the end of December 2005.

For more information or further options see: 

http://www.redhat.com/software/stronghold/


