manualshive.com logo in svg

Novell Enhanced Smart Card Method 3.0.1, Installation Manual

The Novell Enhanced Smart Card Method 3.0.1 installation manual is now available for free download. This comprehensive manual provides step-by-step instructions for installing and setting up the smart card system. Get your copy today from our website for easy access and quick installation.

Share
Download
background image

22

Novell Enhanced Smart Card Method Installation Guide

no

vd

ocx 

(e

n)

  

6 Ap
ril 20

07

3.4  Smart Card Interface

The method can communicate with the smart card using PC/SC interfaces or PKCS#11 interfaces. 
When using PC/SC interfaces, the smart card middleware vendor provides an MS CAPI provider. 
The method can automatically detect and use the proper MS CAPI provider. PC/SC mode is the 
recommended setting and should work with most smart card middleware on Windows.

If PC/SC communication is failing, you might want to try PKCS#11. When using PKCS#11, you 
must  specify the correct vendor PKCS#11 DLL. The library must be in the system path so it can be 
loaded by the method. You might need to contact the middleware vendor for the specific PKCS#11 
library name. Below is a table of common PKCS#11 libraries.

Table 3-1   

Common Vendors and PKCS#11 Libraries

3.5  Novell Client Single Sign-On

When using the smart card method, users enter the card's PIN for eDirectory login and are then 
prompted to enter a password for the workstation login. Novell Client's Single Sign-On feature can 
be used to automatically log into the workstation after the eDirectory login. This is accomplished by 
securely storing the workstation credentials in eDirectory and using them for future logins.

When using Single Sign-On, Novell Client prompts for the workstation password the first time and 
stores it in eDirectory. On subsequent logins, the user is not prompted for the workstation password. 
This improves the user's login experience and is recommended for all advanced eDirectory 
authentication methods.

3.6  Novell Client Passive Mode Login

Passive Mode Login is new functionality added to Novell Client 4.91 SP3. In passive mode, Novell 
Client defers to the default MS GINA for the initial Windows login. After authentication to the 
workstation, Novell Client attempts to authenticate to the Novell environment. The functionality 
was added to Novell Client to allow environments that use Windows AD smart card authentication 
to function correctly. It allows the smart card to be used to authenticate to AD and eDirectory.

In passive mode, the Windows user name used for workstation authentication is also used for 
eDirectory authentication. In order to successfully authenticate, the user name must exist in 
eDirectory, and the client's default location profile must be properly configured with the Tree and 
Context information.

Vendor

PKCS#11 Library Name

Active Card

acpkcs211.dll

Netsign

core32.dll

GemPlus

gclib.dll

eToken

eTpkcs11.dll

CryptoVision

cvP11.dll

Rainbow iKey

ckdk201.dll

  (Only PCKS#11 mode is functional 

for iKey devices)

Summary of Contents for Enhanced Smart Card Method 3.0.1

Page 1: ...Novell w w w n o v e l l c o m novdocx en 6 April 2007 Novell Enhanced Smart Card Method Installation Guide Enhanced Smart Card Method 3 0 1 J u l y 1 7 2 0 0 7 I N S T A LL A T IO N G U I D E...

Page 2: ...rt or re export to entities on the current U S export exclusion lists or to any embargoed or terrorist countries as specified in the U S export laws You agree to not use deliverables for prohibited nu...

Page 3: ...Trademarks For Novell trademarks see the Novell Trademark and Service Mark list http www novell com company legal trademarks tmlist html Third Party Materials All third party trademarks are the prope...

Page 4: ...novdocx en 6 April 2007...

Page 5: ...Novell Client Passive Mode Login 22 4 Configuring the Server 25 4 1 Trusted Root Certificate Containers 25 4 2 Certificate Revocation Checking 25 4 2 1 OCSP Trusted Root Containers 26 4 2 2 CRL Trust...

Page 6: ...onfiguration Issues 38 6 3 1 Method Activation 38 6 3 2 Certificate Validation Issues 39 7 Security Administrator s Guide 41 7 1 Trusted Root Containers 41 7 2 Certificate Validation Revocation Checki...

Page 7: ...d items in a cross reference path A trademark symbol TM etc denotes a Novell trademark An asterisk denotes a third party trademark When a single pathname can be written with a backslash for some platf...

Page 8: ...8 Novell Enhanced Smart Card Method Installation Guide novdocx en 6 April 2007...

Page 9: ...login certificate the server module generates a random challenge and sends it to the client module to confirm that the user possesses the private key associated with the certificate The client module...

Page 10: ...10 Novell Enhanced Smart Card Method Installation Guide novdocx en 6 April 2007...

Page 11: ...y 8 8 SP1 on one of the following platforms NetWare 6 5 SP6 or later Windows 2003 Server SP1 or later Linux SUSE Linux Enterprise Server SLES 10 32 bit or 64 bit Red Hat AS 4 0 Server 32 bit or 64 bit...

Page 12: ...AFE SDK GPK16000 CryptoVision CardOS M4 01a Aladdin eToken PRO 64K Oberthur CosmopolIC 64K V5 2 Fast ATR PIV Web Based Administration Using iManager iManager version 2 6 SP2 with the NMAS plugin versi...

Page 13: ...Roles and Tasks select NMAS NMAS Login Methods then select New Figure 2 1 New Login Method 3 Click Browse and select the EnhancedSmartCard zip file that comes with the method This zip file contains t...

Page 14: ...ead and accept the license agreement Figure 2 3 License Agreement 5 Review the method information and modify the values as needed If you don t change the name the default name Enhanced Smart Card is u...

Page 15: ...Restart iManager to ensure that the plug in is enabled 2 2 2 Client Workstation Installation The method must be installed on each workstation 1 Log in to each workstation as an Administrator 2 Run Se...

Page 16: ...l 2007 4 Accept the License Agreement then click Next Figure 2 7 License Agreement 5 Choose whether you need disconnected support then click Next Disconnected support allows you to log in to the works...

Page 17: ...lugin Support Page 7 Conditional If you selected ID Plugin support you must also specify the container to search and the search timeout period then click Next The ID Plugin will do a sub tree search s...

Page 18: ...connect to the smart card then click Next PC SC functionality is the preferred interface Select PKCS 11 if you know the smart card middleware does not integrate with the Windows PC SC functionality If...

Page 19: ...Novell Enhanced Smart Card Method Installation 19 novdocx en 6 April 2007 Figure 2 13 Installation Screen...

Page 20: ...20 Novell Enhanced Smart Card Method Installation Guide novdocx en 6 April 2007...

Page 21: ...To perform a disconnected login select the Novell ClientTM Workstation only check box then enter the local account name and smart card PIN The previously stored local account information will be decr...

Page 22: ...tion credentials in eDirectory and using them for future logins When using Single Sign On Novell Client prompts for the workstation password the first time and stores it in eDirectory On subsequent lo...

Page 23: ...oginRequired 0 1 default is 0 0 don t require Novell login 1 require Novell login The following is additional information regarding the Novell Clients Passive Mode and the method If PassiveModeNDSLogi...

Page 24: ...24 Novell Enhanced Smart Card Method Installation Guide novdocx en 6 April 2007...

Page 25: ...wer levels in the directory hierarchy override higher level configurations Section 4 1 Trusted Root Certificate Containers on page 25 Section 4 2 Certificate Revocation Checking on page 25 Section 4 3...

Page 26: ...days after a CRL has expired to continue to treat it as valid This allows revocation checking to continue if a new CRL cannot be retrieved from the CRL Distribution Point If a Grace Period is not spec...

Page 27: ...obal Container User Card removal behavior defines the action taken when a user removes the smart card from the card reader There are three options No Action Nothing happens when the smart card is remo...

Page 28: ...28 Novell Enhanced Smart Card Method Installation Guide novdocx en 6 April 2007...

Page 29: ...ial period a valid license key must be entered to activate the method A license key can be obtained from your Novell sales representative To enter a license key click Smart Card Login Global Setting C...

Page 30: ...Create Trusted Root 2b Provide a name select the trusted root container created in Step 1 then select the certificate to import 2c Click OK Figure 5 3 Create Trusted Root Certificate Page 3 Add the t...

Page 31: ...Figure 5 5 on page 32 both OCSP and CRL revocation checking are enabled OCSP revocation checking is performed for certificates chaining to the abc_TrustedRoots container CRL checking is performed for...

Page 32: ...mart Card Login User Settings The information required depends on the type of certificate matching used Section 5 4 1 Subject Name Matching on page 32 Section 5 4 2 Certificate Matching on page 34 Sec...

Page 33: ...n an attached card reader or read from a certificate file DER and PEM certificate files are supported Figure 5 6 Add Subject Name Page Figure 5 7 on page 33 is an example of a User object properly con...

Page 34: ...red for the User object This is done by selecting Add and entering the certificate The certificate can be read from a smart card in an attached card reader or read from a certificate file DER and PEM...

Page 35: ...uld be issued to the individual and configured for a short period of time A temporary certificate is valid until the the specified expiration date When configured the user is only able to log in using...

Page 36: ...36 Novell Enhanced Smart Card Method Installation Guide novdocx en 6 April 2007 Figure 5 10 Temporary Certificate Subject Name Page...

Page 37: ...er the method reports information to the NMASTM trace functionality which is integrated with eDirectoryTM s tracing To turn on tracing use the eDirectory iMonitor tool and select the NMAS option in th...

Page 38: ...the correct vendor library DLL The library must be in the system path so it can be loaded by the method You might need to contact the middleware vendor for the specific PKCS 11 library name 6 2 2 Iden...

Page 39: ...nfiguring Trusted Root Certificates on page 29 for information about configuring the trusted root container Certificate revocation checking is properly configured See Section 5 3 Configuring Certifica...

Page 40: ...40 Novell Enhanced Smart Card Method Installation Guide novdocx en 6 April 2007...

Page 41: ...mart card authentication should be restricted to administrators who are enrolling smart cards for users When matching by subject names the attributes are sasAllowableSubjectNames nclTmpCertSubject ncl...

Page 42: ...when choosing whether to use the Identity Plug in functionality 7 7 Disconnected Login The disconnected login functionality encrypts the password used to log in to the Windows local account and store...

Page 43: ...n Serial Number Subject Name Issuer Expiration Date In order to report audit events the audit system must be installed and properly configured for eDirectoryTM The method includes an audit configurati...

Page 44: ...44 Novell Enhanced Smart Card Method Installation Guide novdocx en 6 April 2007...

Page 45: ...s the standard password field descriptor turns disconnected support on suppresses the reboot and specifies PC SC as the smart card interface NOTE You cannot use spaces in the PASSWORD_FIELD_DESC param...

Page 46: ...Yes Set to 1 for reboot or 0 to suppress reboot 1 or 0 SMARTCARD_INTERFACE Yes For PC SC support set to 1 and for PKCS 11 support set to 2 1 or 2 ID_PLUGIN_SUPPORT Yes Set to 1 for no support or set...

Reviews:

No comments

Related manuals for Enhanced Smart Card Method 3.0.1

Canon PowerShot SD10 Digital ELPH Software Starter Manual preview
PowerShot SD10 Digital ELPH
Brand: Canon Pages: 124
Canon PowerShot G10 - Digital Camera - Compact Software User'S Manual preview
PowerShot G10 - Digital Camera - Compact
Brand: Canon Pages: 49
Xerox Wide Format 6030 Release Note preview
Wide Format 6030
Brand: Xerox Pages: 8
Arturia JUPITER-8V 2 User Manual preview
JUPITER-8V 2
Brand: Arturia Pages: 125
Aruba Networks ClearPass Guest 3.9 Deployment Manual preview
ClearPass Guest 3.9
Brand: Aruba Networks Pages: 518
Ricoh Caplio Utility for Macintosh Operation Manual preview
Caplio Utility for Macintosh
Brand: Ricoh Pages: 19
Acer ASM 7 Faq preview
ASM 7
Brand: Acer Pages: 32
Acer Altos RAIDWatch Manual preview
Altos RAIDWatch
Brand: Acer Pages: 212
MACROMEDIA Director MX Use Manual preview
Director MX
Brand: MACROMEDIA Pages: 624
Symantec ALTIRIS DEPLOYMENT SOLUTION Datasheet preview
ALTIRIS DEPLOYMENT SOLUTION
Brand: Symantec Pages: 3
Pfaff CREATIVE 4D EXPRESS MONOGRAM WIZARD Brochure preview
CREATIVE 4D EXPRESS MONOGRAM WIZARD
Brand: Pfaff Pages: 2
Ulead MEDIASTUDIO PRO 6.0 User Manual preview
MEDIASTUDIO PRO 6.0
Brand: Ulead Pages: 360
Garmin nRoute Help Manual preview
nRoute
Brand: Garmin Pages: 130
Canon DV Network Instruction Manual preview
DV Network
Brand: Canon Pages: 92
Asus Z87M-PLUS User Manual preview
Z87M-PLUS
Brand: Asus Pages: 164
Lenovo ThinkCentre Edge 71z Hardware Maintenance Manual preview
ThinkCentre Edge 71z
Brand: Lenovo Pages: 182
Janome Digitizer MBX Introduction Manual preview
Digitizer MBX
Brand: Janome Pages: 7
ViewSat OSDEdit 1.6 User Manual preview
OSDEdit 1.6
Brand: ViewSat Pages: 17

Brands by name

Popular brands

Load more brands