Chapter 9, Authentication: Automated Enrollment (page 397)
./setpin host=yourhost port=9446 length=11 input=infile output=outfile write \
  "binddn=cn=pinmanager,o=example.com" bindpw="netscape" \
  basedn=o=netscape.com "filter=(uid=u*)"
7. Use the output file for delivering PINs to users after you complete setting up the required authentication method.
After you have confirmed that the PIN-based enrollment works, deliver the PINs
to users so they can use them during enrollment. To protect the privacy of PINs, be
sure to use a secure, out-of-band method for delivery.
Policy Setup for Replicated Directories
If your directory is replicated, PINs may remain in the replicas for some
period after they have been removed from the master, because a replica does not
remove a PIN until it is updated by the master. During this time
period, a user could theoretically apply for another certificate if the replica is used
to authenticate the user.
To avoid this problem, you need to enable the AttributePresentConstraints
policy in the Certificate Manager that actually issues the certificates; see
“AttributePresentConstraints” on page 495. This policy forces the Certificate
Manager to check the master directory before issuing the certificate. If the
Registration Manager uses a Directory Server replica to authenticate users, and the
user successfully authenticates to a replica that still contains the PIN, the Certificate
Manager rejects the request when this policy is enabled, because the Certificate
Manager checks the master directory, from which the PIN has already been removed.
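The replication window described above can be modelled in a few lines. This is an added example, not CMS code: the Directory class, the "pin" attribute name, the SHA-256 PIN storage and the sample entry are assumptions made for the sketch, and the master check only stands in for what the text says the AttributePresentConstraints policy does.

```python
import hashlib

PIN_ATTR = "pin"  # assumed attribute name for this sketch

def pin_hash(pin):
    return hashlib.sha256(pin.encode()).hexdigest()

class Directory:
    """Toy stand-in for a directory server: uid -> {attribute: value}."""
    def __init__(self, entries):
        self.entries = {uid: dict(attrs) for uid, attrs in entries.items()}

    def sync_from(self, master):
        """Replication update pushed from the master."""
        self.entries = {uid: dict(a) for uid, a in master.entries.items()}

def authenticate(directory, uid, password, pin):
    """UID/password/PIN check against the directory used for authentication."""
    entry = directory.entries.get(uid, {})
    return (entry.get("userPassword") == password  # plaintext only in this toy
            and entry.get(PIN_ATTR) == pin_hash(pin))

def enroll(auth_dir, master, uid, password, pin, check_master):
    if not authenticate(auth_dir, uid, password, pin):
        return "rejected: authentication failed"
    # Modelled policy: the PIN attribute must still be present on the master.
    if check_master and PIN_ATTR not in master.entries.get(uid, {}):
        return "rejected: PIN attribute absent on master"
    master.entries.get(uid, {}).pop(PIN_ATTR, None)  # one-time PIN removed on master
    return "issued"

def run_scenario(check_master):
    # Constructed sample entry; uid, password and PIN are made up.
    seed = {"u1001": {"userPassword": "s3cret", PIN_ATTR: pin_hash("48210975336")}}
    master, replica = Directory(seed), Directory(seed)
    creds = ("u1001", "s3cret", "48210975336")
    results = [enroll(replica, master, *creds, check_master)]
    # Replica not yet updated: it still holds the PIN removed from the master.
    results.append(enroll(replica, master, *creds, check_master))
    replica.sync_from(master)
    results.append(enroll(replica, master, *creds, check_master))
    return results

if __name__ == "__main__":
    for flag in (False, True):
        print("master check =", flag, "->", run_scenario(flag))
```

Without the master check the second request is issued during the replication window; with it, only the first request succeeds.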
Setting Up the UidPwdPinDirAuth Authentication
To set up this method of authentication:
1. In the CMS window of the Certificate Manager or Registration Manager that processes certificate requests, select the Configuration tab.
2. Select Authentication in the navigation tree.
   The right pane shows the Authentication Instance tab listing currently configured authentication instances.
3. Click Add.
   The Select Authentication Plug-in Implementation window appears.
4. Select the UidPwdPinDirAuth plug-in module.
5. Click Next.
   The Authentication Instance Editor window appears.
Contents: Certificate Management System 6.1
Page 1: Administrator's Guide, Netscape Certificate Management System, Version 6.1, February 2003