Your browser does not support HTML5 local storage or you have disabled it. Some functionality on this site, including saving your privacy settings and offering you special discounts, uses local storage and may not work with local storage disabled. We recommend allowing the use of local storage in your browser. In some browsers, it is the same setting used for disabling cookies.

Tectia

Certificate User Mapping File

The map file specifies which certificates authorize logging into which accounts. The format of the file is as follows:

<account-id> <keyword> <argument>

The keyword can be either Email, Subject, SerialAndIssuer, EmailRegex, or SubjectRegex. The argument depends on the keyword.

  • Email: The argument is the e-mail address which must be present in the certificate.

  • Subject: The argument is the required subject name in LDAP DN (distinguished name) string format.

  • SerialAndIssuer: The argument is the required serial number and issuer name in LDAP DN string format, separated by spaces or tabs.

  • EmailRegex: The argument is the regular expression which must match an e-mail address in the certificate. If account- id contains the string %subst%, it is substituted with the first parenthesized part of the regular expression. The patterns are matched using the egrep syntax.

  • SubjectRegex: The argument is the regular expression which must match a subject name in the certificate. If account- id contains the string %subst%, it is substituted with the first parenthesized part of the regular expression. The patterns are matched using the egrep syntax.

Examples

The following are examples of different map file definitions:

user1 email user1@ssh.com
user1 subject C=FI,O=SSH,CN=Secure Shell User 1
user1 serialandissuer 1234 C=FI,O=SSH,CN=Secure Shell User 1
%subst% subjectregex C=FI, O=SSH, CN=([a-z]+)         
%subst% emailregex ([a-z]+)@ssh\.com

The last line permits logging with any e-mail address with only letters in the username. For more information on the regular expression syntax, see sshregex.

===AUTO_SCHEMA_MARKUP===