Alex MacCuish

So I thought about it being a problem of sanitisation, but you could allow the admin to create and sign such requests. For smartcards, the DC must have it's GUID...

I don't have one that is sanitised for publication, but here are microsoft's words: Client: https://support.microsoft.com/en-gb/help/281245/guidelines-for-enabling-smart-card-logon-with-third-party-certificatio DC: https://support.microsoft.com/en-us/help/291010/requirements-for-domain-controller-certificates-from-a-third-party-ca (there's an example cert here) Supposedly the requirements aren't so strict for...

I can do testing if it helps. Or you can just run the resulting certificate through openssl and make sure it has the right stuff in it. I assume this...

The normal request process would apply, but it's useful so users can lookup certificates in Outlook for S/MIME etc.

Yes. So if someone authenticated using ldap or kerberos, we can find them in ldap and at time off issuance store the public key in ldap, overwriting usually anything that's...

I have the exact same. My personal account has both an Estonian ID-card certificate and a internel ca signed cert.

Maybe include some logic to replace only certificates issued by itself?

I can see talk of it here but not sure it went anywhere..: https://www.spinics.net/lists/linux-btrfs/msg76016.html

Yes, not a btrbk issue but had hoped someone might have a solution. No answer on the btrfs mailing list https://lore.kernel.org/linux-btrfs/[email protected]/ Do you know anywhere else I could get help?...

So ye, multiple instances would be difficult, but how about multiple spotify libraries? So I open my remote app, and I can pick from filesystem libraries, and multiple spotify accounts?