Antoine_80417
Nimbostratus
Apr 13, 2011
Multiple certificate authorities and authentication profiles
Hello,
This is my first post on this forum, so first let me introduce myself: I'm a network and security engineer, I work for a company that uses quite a lot of F5 appliances as GTMs, LCs or...
Joel_Moses
Nimbostratus
Apr 15, 2011
"default_ssl_ocsp" must be some sort of internal trigger name for TMM; there are, when OCSP profiles are created, matching PAM profiles that are created in /etc/pam.d on the BigIP:
admin@usherjmosesf5:Active ~ ls -la /etc/pam.d/
total 62
drwxr-xr-x 9 root root 1024 Apr 15 10:50 .
drwxr-xr-x 3 root root 1024 Apr 6 10:40 ..
....
drwxr-xr-x 2 root root 1024 Mar 25 16:40 ocsp
-rw-r--r-- 1 root root 154 Oct 18 13:17 other
-r--r----- 1 root apache 482 Apr 15 10:24 pam_ocsp_ocsp_test_config
-r--r----- 1 root apache 69 Apr 15 10:24 pam_ocsp_ocsp_test_config.conf
-rw-r--r-- 1 root root 103 Oct 18 14:06 passwd
....
lrwxrwxrwx 1 root root 17 Apr 6 10:30 system-auth -> local/system-auth
drwxr-xr-x 2 root root 1024 Mar 25 16:40 tacacs
lrwxrwxrwx 1 root root 25 Apr 15 10:24 tmm_ocsp_test_profile -> pam_ocsp_ocsp_test_config
lrwxrwxrwx 1 root root 25 Apr 15 10:50 tmm_my_ocsp_profile -> pam_ocsp_ocsp_test_config
So there appears to be a PAM service that is created called "tmm_my_ocsp_profile" when I create an OCSP profile called "my_ocsp_profile". I was wondering if AUTH::start would let you set to _that_ profile name rather than the standard "default_ssl_ocsp" one that the on-box OCSP iRule uses?