<?xml version="1.0" encoding="utf-8"?>
<!-- generator="FeedCreator 1.7.2-ppt DokuWiki" -->
<?xml-stylesheet href="http://asyd.net/home/lib/exe/css.php?s=feed" type="text/css"?>
<rdf:RDF
    xmlns="http://purl.org/rss/1.0/"
    xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
    xmlns:slash="http://purl.org/rss/1.0/modules/slash/"
    xmlns:dc="http://purl.org/dc/elements/1.1/">
    <channel rdf:about="http://asyd.net/home/feed.php">
        <title>asyd.net docs:security</title>
        <description></description>
        <link>http://asyd.net/home/</link>
        <image rdf:resource="http://asyd.net/home/lib/images/favicon.ico" />
       <dc:date>2011-06-19T17:00:06+02:00</dc:date>
        <items>
            <rdf:Seq>
                <rdf:li rdf:resource="http://asyd.net/home/docs/security/cas"/>
                <rdf:li rdf:resource="http://asyd.net/home/docs/security/certificates"/>
                <rdf:li rdf:resource="http://asyd.net/home/docs/security/kerberos"/>
                <rdf:li rdf:resource="http://asyd.net/home/docs/security/openssl"/>
            </rdf:Seq>
        </items>
    </channel>
    <image rdf:about="http://asyd.net/home/lib/images/favicon.ico">
        <title>asyd.net</title>
        <link>http://asyd.net/home/</link>
        <url>http://asyd.net/home/lib/images/favicon.ico</url>
    </image>
    <item rdf:about="http://asyd.net/home/docs/security/cas">
        <dc:format>text/html</dc:format>
        <dc:date>2008-10-03T08:25:38+02:00</dc:date>
        <title>docs:security:cas</title>
        <link>http://asyd.net/home/docs/security/cas</link>
        <description>CAS (Central Authentication Service) is a Java J2EE application
that brings SSO to existing web applications.

Configuration

	*  X509 Authentication</description>
    </item>
    <item rdf:about="http://asyd.net/home/docs/security/certificates">
        <dc:format>text/html</dc:format>
        <dc:date>2006-09-11T11:33:06+02:00</dc:date>
        <title>docs:security:certificates</title>
        <link>http://asyd.net/home/docs/security/certificates</link>
        <description>Glossary

	*  X509 Attributes
	*  PKCS (Public Key Cryptography Standards)

Some examples of CA policies

	*  Mozilla CA Certificate Policy</description>
    </item>
    <item rdf:about="http://asyd.net/home/docs/security/kerberos">
        <dc:format>text/html</dc:format>
        <dc:date>2005-11-14T19:29:44+02:00</dc:date>
        <title>docs:security:kerberos</title>
        <link>http://asyd.net/home/docs/security/kerberos</link>
        <description>Enctypes


KDC logs use decimal values to refer to encryption types

Extract from krb5.conf



/* per Kerberos v5 protocol spec */
#define ENCTYPE_NULL            0x0000
#define ENCTYPE_DES_CBC_CRC     0x0001  /* DES cbc mode with CRC-32 */
#define ENCTYPE_DES_CBC_MD4     0x0002  /* DES cbc mode with RSA-MD4 */
#define ENCTYPE_DES_CBC_MD5     0x0003  /* DES cbc mode with RSA-MD5 */
#define ENCTYPE_DES_CBC_RAW     0x0004  /* DES cbc mode raw */
/* XXX deprecated? */
#define ENCTYPE_DES3_CBC_SHA    0x000…</description>
    </item>
    <item rdf:about="http://asyd.net/home/docs/security/openssl">
        <dc:format>text/html</dc:format>
        <dc:date>2006-10-26T09:05:00+02:00</dc:date>
        <title>docs:security:openssl</title>
        <link>http://asyd.net/home/docs/security/openssl</link>
        <description>Initialization

Generate the CA private key


# openssl genrsa -out ca.key 2048


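or, for a DSA key (gendsa takes a parameter file rather than a key size; the name dsaparam.pem is only an example)


# openssl dsaparam -out dsaparam.pem 2048
# openssl gendsa -out ca.key dsaparam.pem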


Generate the initial CSR


# openssl req -new -config ca.req.cnf -out cacert.pkcs10 -key ca.key


Self-sign the CSR and initialize the CA


# openssl ca -config ca.selfsign.cnf -out cacert.pem -batch \
  -keyfile ca.key -selfsign -infiles cacert.pkcs10</description>
    </item>
</rdf:RDF>
