Novell Enhanced Smart Card Method 3.0.1, Руководство по установке

Страница: 27 / 46

Configuring the Server 27
no
vd
ocx
(e
n)
6 Ap
ril 20
07
Š
No Matching: No matching means no part of the login certificate must be configured on the
target user account. Typically, this option would not be used for regular user accounts. A
potential use would be for guest accounts. A guest account could be configured as no matching,
and then anyone with a valid certificate could log in to the account.
4.5 Certificate Expiration Warning
Configuration Level: Global, Container, User
During login a user can be notified of an impending certificate expiration. This setting defines the
number of days in advance to notify the user of the upcoming certificate expiration. A value of zero
means no certificate expiration warnings are given.
4.6 Card Removal Behavior
Configuration Level: Global, Container, User
Card removal behavior defines the action taken when a user removes the smart card from the card
reader. There are three options:
Š
No Action: Nothing happens when the smart card is removed from the card reader.
Š
Lock Workstation: The workstation is locked when the smart card is removed from the card
reader.
Š
Forced Log Off: The user is logged out of the workstation when the smart card is removed
from the card reader. This setting should be used with caution because it can result in the user
losing work when the forced logout occurs.
4.7 Check For Certificate Policy
Configuration Level: Global, Container, User
A certificate policy is used to define a specific policy OID that must exist in a login certificate. If
enabled, login certificates must contain the specified policy OID to be considered valid. The policy
name and OID information are defined once globally. The check for policy setting can be enabled or
disabled throughout the directory hierarchy.