NISAuth Plug-in Module
Chapter
1
Authentication Plug-in Modules
37
❍
If the end user does not have a valid entry in the NIS server, the Certificate
Manager or Registration Manager rejects the request, logs an error
message, and sends a rejection notification to the user.
❍
If the end user has a valid entry in the NIS server, the Certificate Manager
or Registration Manager checks to see if any LDAP directory has been
configured for retrieving attributes for constructing the certificate subject
name. If a directory is specified, the server checks it for the user’s entry,
retrieves all the information required to construct the subject name, and
adds the subject name to the certificate request. If a directory is
unspecified, the server uses the NIS user’s name, user ID, and extended
DN (if specified) for the subject name.
If, for some reason, the directory to which the server binds for retrieving user
attributes is unavailable, the server writes the appropriate LDAP error code to
the log. A sample log entry with an LDAP error code is shown below:
30/Dec/1999:18:40:25 -0700] conn=0 op=7 RESULT err=32 tag=101
nentries=0 etime=0]
3.
Next, the server subjects the certificate request to policy processing. For details,
see Chapter 18, “Setting Up Policies” of CMS Installation and Setup Guide.
❍
If the request fails any of the configured policies, the server rejects the
request, logs an error message, and sends a rejection notification to the end
user.
❍
If the request passes all the configured policies, the server issues the end
user a certificate.
The end user gets the certificate, which, if the server is configured to do so,
is delivered to the email address specified in the request or in the directory;
for information on configuring a Certificate Manager or Registration
Manager to send automated notifications, see section “Notifications of
Certificate Issuance to End Entities” in Chapter 16, “Setting Up Automated
Notifications” of CMS Installation and Setup Guide.
Configuration Parameters of NISAuth
In the configuration file, the
NISAuth
module is identified as
auths.impl.NISAuth.class=com.netscape.cms.authentication.
NISAuth
.
In the CMS window, the module is identified as
NISAuth
. Figure 1-7 shows how
configurable parameters of the module are displayed in the CMS window.
Содержание Certificate Management System 6.0
Страница 1: ...Plug Ins Guide Netscape Certificate Management System Version6 0 March 2002...
Страница 10: ...10 Netscape Certificate Management System Plug Ins Guide March 2002...
Страница 62: ...Enrollment Forms 62 Netscape Certificate Management System Plug Ins Guide March 2002...
Страница 126: ...ValidityConstraints Plug in Module 126 Netscape Certificate Management System Plug Ins Guide March 2002...
Страница 266: ...LdapSubjAttrMap Plug in Module 266 Netscape Certificate Management System Plug Ins Guide March 2002...
Страница 308: ...NTEventLog Plug in Module 308 Netscape Certificate Management System Plug Ins Guide March 2002...
Страница 324: ...DNs in Certificate Management System 324 Netscape Certificate Management System Plug Ins Guide March 2002...
Страница 370: ...CA Certificates and Extension Interactions 370 Netscape Certificate Management System Plug Ins Guide March 2002...