/usr/share/globus/simple-ca/ca-signing-policy.tmpl is in globus-simple-ca 3.5-1.
This file is owned by root:root, with mode 0o644.
The actual contents of the file can be viewed below.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 | # ca-signing-policy.conf, see ca-signing-policy.doc for more information
#
# This is the configuration file describing the policy for what CAs are
# allowed to sign whoses certificates.
#
# This file is parsed from start to finish with a given CA and subject
# name.
# subject names may include the following wildcard characters:
# * Matches any number of characters.
# ? Matches any single character.
#
# CA names must be specified (no wildcards). Names containing whitespaces
# must be included in single quotes, e.g. 'Certification Authority'.
# Names must not contain new line symbols.
# The value of condition attribute is represented as a set of regular
# expressions. Each regular expression must be included in double quotes.
#
# This policy file dictates the following policy:
# -The Globus CA can sign Globus certificates
#
# Format:
#------------------------------------------------------------------------
# token type | def.authority | value
#--------------|---------------|-----------------------------------------
# EACL entry #1|
access_id_CA X509 '${GRID_CA_SUBJECT}'
pos_rights globus CA:sign
cond_subjects globus '"${GRID_CA_COND_SUBJECT}"'
# end of EACL
|