K 10
svn:author
V 8
rmacklem
K 8
svn:date
V 27
2020-04-03T22:03:21.388436Z
K 7
svn:log
V 1223
Update rpctlssd in several areas.

This patch add/updates the following areas of the rpctlssd:
- Add support for reloading of the CRL file when a SIGHUP is posted to
  the daemon.
- Replace the cruft I created trying to debug the handling of the CRL
  with code that works.
  --> In case this will give you a chuckle, I spent several days trying
      to figure out why the CRL code wasn't working.
      What was the bug? I had missed the ":" after the "r" in the getopt()
      argument, so the file was remaining set to NULL when the "-r"
      option was specified.
      --> The silly ones are the hardest to find.
- Add options for controlling whether or not a wildcard "*" is allowed
  in the client's DNS name in it's certificate and what it means.
  (RFC6125 discourages use of a wildcard, but it only applies to a client's
   handling of a server's certificate and not the reverse.)
- Add an option "-u" that allows client certificates with a
  otherName:<OID number>;UTF8:user@dns_domain field in subjectAltName
  to have "user" mapped to a set of <uid, gid_list> as machine credentials
  to be used for RPCs instead of the user credentials in the RPC header.
  (This option does not conform to the IETF draft.)

END