Configuring the Server
4
no
vd
ocx
(e
n)
6 Ap
ril 20
07
25
4
Configuring the Server
The method is configured by using the iManager Smart Card Login plug-in. The method allows
administrators to configure settings for the whole tree, partitions, containers, or individual users.
The plug-in has the following options:
Global Settings:
The global settings are used to specify policies for the whole tree. Options
configured globally apply to all user objects in the tree.
Container Settings:
If the container object is a partition root, the settings are effective for all
user objects in the partition. If the container is not a partition root, the settings are effective only
for objects in the immediate container. The settings do not affect users in subcontainers below
the container.
User Settings:
User settings apply to the individual User object.
Each setting is described below and identified as a global, container, or user level setting. Many
settings can be configured on all levels. Settings configured at lower levels in the directory hierarchy
override higher level configurations.
Section 4.1, “Trusted Root Certificate Containers,” on page 25
Section 4.2, “Certificate Revocation Checking,” on page 25
Section 4.3, “Certificate Validation,” on page 26
Section 4.4, “Certificate Matching,” on page 26
Section 4.5, “Certificate Expiration Warning,” on page 27
Section 4.6, “Card Removal Behavior,” on page 27
Section 4.7, “Check For Certificate Policy,” on page 27
4.1 Trusted Root Certificate Containers
Configuration Level: Global
The list of trusted root containers used for certificate validation. During certificate validation, the
method builds the certificate chain. In order to be valid, the certificate chain must end with a trusted
root certificate. Trusted root certificates are stored in trusted root containers.
4.2 Certificate Revocation Checking
Configuration Level: Global
Certificate revocation checking is part of the certificate validation process. In order to be considered
valid, a certificate must not be revoked. The method supports On-Line Certificate Status Protocol
(OCSP) and Certificate Revocation List (CRL) checking. The type of revocation checking
performed is configured on a per trusted root container basis.
Содержание Enhanced Smart Card Method 3.0.1
Страница 4: ...novdocx en 6 April 2007...
Страница 8: ...8 Novell Enhanced Smart Card Method Installation Guide novdocx en 6 April 2007...
Страница 10: ...10 Novell Enhanced Smart Card Method Installation Guide novdocx en 6 April 2007...
Страница 19: ...Novell Enhanced Smart Card Method Installation 19 novdocx en 6 April 2007 Figure 2 13 Installation Screen...
Страница 20: ...20 Novell Enhanced Smart Card Method Installation Guide novdocx en 6 April 2007...
Страница 24: ...24 Novell Enhanced Smart Card Method Installation Guide novdocx en 6 April 2007...
Страница 28: ...28 Novell Enhanced Smart Card Method Installation Guide novdocx en 6 April 2007...
Страница 40: ...40 Novell Enhanced Smart Card Method Installation Guide novdocx en 6 April 2007...
Страница 44: ...44 Novell Enhanced Smart Card Method Installation Guide novdocx en 6 April 2007...