|
> Normally in SSL applications, certificates are verified by checking to see > who "signed" them. If the certificate authority who signed the > certificate is trusted by the application, it will allow the certificate. That makes sense, and matches the results I got. > If someone leaves the company, they can still connect, it's true. > They'll get a sign-on screen. But, if you disable their user profile, > how will they log in? The concern is that they might guess someone's password. Of course all users use good passwords, change them frequently, and never reuse them. No, wait, that was another universe! ;) > you can extend the security of your system using a "Telnet Device > Initialization Exit Program". In that program, you can write code that > examines the certificate that they've presented. I see no reason why you > couldn't write code to check if they're still an active user, and if not, > deny access. Aha! I think we have a winner! I really wanted it tied to the user profile to begin with. I was thinking a CRL was my only option. Thank you, Scott, this may be exactly what I need to solve the problem.
As an Amazon Associate we earn from qualifying purchases.
This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].
Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.
midrange.com
