About Authorization
328
Netscape Certificate Management System Administrator’s Guide • February 2003
Authentication of Auditors
Auditors are authenticated into the CMS console by using their login and
password. Once authenticated, they can only view the audit logs, they are not able
to edit other parts of the system.
You can change the method of authentication for an auditor to SSL client
authentication. See “Setting up Certificate Authentication for the CMS Console,”
on page 249 for complete details.
Agents
Agents are users who have been assigned end-entity certificate- and
key-management privileges. Agents can access the agent services interface, and
perform tasks associated with their subsystem in that interface. For a complete list
of agent tasks, see the CMS Agent’s Guide.
You create agents by creating a user, assigning membership in the appropriate
agent group, and identifying certificates that the agents must use for SSL client
authentication to the subsystem (for it to service requests from the agents).
Each CMS subsystem has its own agents whose role is defined by the subsystem.
Each subsystem installed in a CMS instance must have at least one agent, and there
is no limit to the number of agents a subsystem can have.
Authentication of Agents
CMS identifies and authenticates a user with agent privileges by checking the user’s
SSL client certificate in its internal database. See “Agent Certificates,” on page 337.
For information on obtaining and revoking agent certificates, see “Revocation
Status Checking of Agent Certificates,” on page 341.
Groups for Agents
Each substystem has its own agent group:
•
Certificate Manager Agents group is the agent group for a Certificate Manager.
During installation the administrator can be designated as the first agent; you
are given a choice to add the administrator to the agents group. Note that this
choice also enables or disables the ability to add users to multiple groups. If
you choose to enable this feature, users can be assigned to more than one
group. If you disable this feature, users will not be allowed to be added to more
than one group.
•
Registration Manager Agents group is the agent group for a Registration
Manager. No members are added to this group during installation, you must
add members after installation.
Содержание Certificate Management System 6.1
Страница 1: ...Administrator s Guide Netscape Certificate Management System Version6 1 February 2003...
Страница 28: ...Documentation 28 Netscape Certificate Management System Administrator s Guide February 2003...
Страница 68: ...Support for Open Standards 68 Netscape Certificate Management System Administrator s Guide February 2003...
Страница 82: ...Uninstalling CMS 82 Netscape Certificate Management System Administrator s Guide February 2003...
Страница 166: ...How a Registration Manager Works 166 Netscape Certificate Management System Administrator s Guide February 2003...
Страница 382: ...ACL Reference 382 Netscape Certificate Management System Administrator s Guide February 2003...
Страница 566: ...Managing Policy Plug in Modules 566 Netscape Certificate Management System Administrator s Guide February 2003...
Страница 710: ...1 3 Organization Security Policies 710 Netscape Certificate Management System Administrator s Guide February 2003...
Страница 716: ...Object Identifiers 716 Netscape Certificate Management System Administrator s Guide February 2003...
Страница 762: ...DNs in Certificate Management System 762 Netscape Certificate Management System Administrator s Guide February 2003...
Страница 794: ...Managing Certificates 794 Managing Servers with Netscape Console December 2001...
Страница 810: ...The SSL Handshake 810 Managing Servers with Netscape Console December 2001...
Страница 828: ...828 Netscape Certificate Management System Administrator s Guide February 2003...