This Administrator's Guide describes ways to customize Kleopatra that are not accessible via the GUI, but only via config files.
It is assumed that the reader is familiar with the technology used for KDE application configuration, including layout, file system location and cascading of KDE config files, as well as the KIOSK framework.
Kleopatra allows you to customize the fields that the user is allowed to enter in order to create their certificate.
Create a group called
CertificateCreationWizard
in the system-wide
kleopatrarc
. If you want a custom order of
attributes or if you only want certain items to appear, create a key
called DNAttributeOrder
. The argument is one or
more of CN,SN,GN,L,T,OU,O,PC,C,SP,DC,BC,EMAIL
If
you want to initialize fields with a certain value, write something like
Attribute=value. If you want the attribute to be treated as a required
one, append an exclamation mark
(e.g. CN!,L,OU,O!,C!,EMAIL!
, which happens to be
the default configuration).
Using the KIOSK mode modifier
$e
allows to retrieve the values from
environment variables or from an evaluated script or binary. If you
want to disallow editing of the respective field in addition, use the
modifier $i
. If you want to disallow the use
button, set
ShowSetWhoAmI
to false.
Due to the nature of the KDE KIOSK
framework, using the immutable flag ($i
) makes it
impossible for the user to override the flag. This is intended
behavior. $i
and $e
can be used
with all other config keys in KDE applications as well.
The following example outlines possible customizations:
[CertificateCreationWizard] ;Disallow to copy personal data from the addressbook, do not allow local override ShowSetWhoAmI[$i]=false ;sets the user name to $USER CN[$e]=$USER ;sets the company name to "My Company", disallows editing O[$i]=My Company ;sets the department name to a value returned by a script OU[$ei]=$(lookup_dept_from_ip) ; sets country to DE, but allows for changes by the user C=DE
Would you like to comment or contribute an update to this page?
Send feedback to the TDE Development Team