2.4.3Identity Matching - Advanced

Fig. 2–11Access Control Service Trustzone - Rules - Identity Matching Advanced

List 2–22Access Control Service Trustzone - Rules - Identity Matching Advanced – section Advanced Identity Matching

Parameter Description

MAC Addresses Enter MAC addresses here. Patterns may be used.

Microsoft

Enter Microsoft Machine SIDs here. A SID is a - from the Microsoft OS generated - world wide unique machine identifier. The SID is

Machine SIDs

visualized in the Access Control Server’s access cache. Patterns may be used.

 

 

List 2–23Access Control Service Trustzone - Rules - Identity Matching Advanced – section Certificate Conditions

Parameter

Description

 

 

 

x509

Subject

Enter X.509 subject name patterns here (for example, CN=name-*, O=my-company). The X.509 subject of the clients authentication

 

 

certificate must match at least one of these patterns.

 

 

Note:

 

 

Certificate authentication is only possible in Local machine and basic user authentication.

 

 

 

x509

Issuer

Enter X.509 issuer name patterns here (e.g CN=name-*, O=my-company). The subject of the issuer of the clients certificate must

 

 

match at least one of these patterns.

 

 

Note:

 

 

Certificate authentication is only possible in Local machine and basic user authentication.

 

 

 

x509

 

Enter X.509 alternative name patterns here (IP:10.0.10.*). The subject alternative name of the clients authentication certificate must

Altnames

match at least one of these patterns.

Note:

Certificate authentication is only possible in Local machine and basic user authentication.

The subject alternative name is prepended by its type (for example, "email:" or "IP:")

30 Server Config – Access Control Service

Page 32
Image 32
Barracuda Networks VERSION SP4 manual Microsoft, X509 Subject, X509 Issuer, Altnames