Basic Security

[Rob Lindsey]

Enhancement short description:

Command Line access to revoke and re-instate personal

Date:

3/23/05

Operating System:

AIX

Version of OS:

5.1

Cloverleaf Version:

3.8.1 and above

Revision:

All revisions

Tool:

Smat

Enhancement Long Description:

Currently the only way to revoke or re-instate a cert for a person is to use the Java X-window Cert Manager.  To be able to use this a person must be online.  There are companies out there that will not allow people to have Production access unless there is an issue that they must work on.  If there is a problem that occurs at 2 am that must be taken care of the only way for a cert to be re-instated is to have the security admin for the Cloverleaf GUIs “dial-in”, VPN-in or be in the office to grant that person who needs to fix the problem their cert.  If a command line utility was created then it would be easier for another system to grant access to the GUIs via an SSH connection.  It would also be easier to have another script be generated so that an operations person could grant the access on an emergency basis.

I would see it working like this:

revoke a cert –  certmgr revoke

re-instate a cert – certmgr reinstate

Rob Lindsey

rob.m.lindsey@questdiagnostics.com

Topic