[krbdev.mit.edu #9154] Components of the X509_user_identity string cannot contain ':'
Sumit Bose via RT
rt-comment at kerborg-prod-app-1.mit.edu
Tue Dec 10 12:56:53 EST 2024
Tue Dec 10 12:56:53 2024: Request 9154 was acted upon.
Transaction: Ticket created by sbose at redhat.com
Queue: krb5
Subject: Components of the X509_user_identity string cannot contain ':'
Owner: Nobody
Requestors: sbose at redhat.com
Status: new
Ticket <URL: http://kerborg-prod-app-1.mit.edu/rt/Ticket/Display.html?id=9154 >
Hi,
since ':' is used as a separator character and there is no way to escape
it components for the X509_user_identity string to identify a
certificate on a Smartcard like e.g. 'token' or 'certlabel' cannot
contain a ':'.
It would be good to at least document this limitation. See
https://github.com/SSSD/sssd/issues/7746 for reference.
bye,
Sumit
More information about the krb5-bugs
mailing list