Opened 5 years ago

Closed 5 years ago

#1517 closed defect (fixed)

sge_ca only does partial matches against GECOS data

Reported by: markdixon Owned by: Mark Dixon <m.c.dixon@…>
Priority: normal Milestone:
Component: sge Version: 8.1.8
Severity: minor Keywords:
Cc:

Description

Hi,

When the sge_ca tool supplied with grid engine is used to create a new certificate, it uses the supplied GECOS data to check if a certificate with the same common name already exists.

That check only does a partial match on CN=<gecos info>, so if a new certificate's GECOS data matches the start of another certificate's GECOS data, it will refuse to create the certificate.

e.g. the cert created by the first command below prevents the second cert from being created:

$SGE_ROOT/util/sgeCA/sge_ca -user "user1:Bobby:bobby@somewhere"
$SGE_ROOT/util/sgeCA/sge_ca -user "user2:Bob:bob@somewhere"

The attached patch fixes this, prepared against 8.1.8.

Cheers,

Mark

Attachments (1)

0001-Do-a-full-not-a-partial-match-on-GECOS-data-when-sel.patch (1.0 KB) - added by markdixon 5 years ago.

Download all attachments as: .zip

Change History (2)

Changed 5 years ago by markdixon

comment:1 Changed 5 years ago by Mark Dixon <m.c.dixon@…>

  • Owner set to Mark Dixon <m.c.dixon@…>
  • Resolution set to fixed
  • Status changed from new to closed

In 4805/sge:

Fix #1517: Do a full, not a partial match on GECOS data when selecting cert

Note: See TracTickets for help on using tickets.