Troubleshooting  39

novdocx (en) 6 April 2007

6.3.2 Certificate Validation Issues

If the method fails with an Invalid Certificate or Certificate Validation Failed message, the method was unable to validate the certificate sent by the workstation. Check the following items:

- The certificate on the smart card has not expired and has not been revoked by the issuing Certificate Authority.
- The method is properly configured with a trusted root container that contains a valid trusted root certificate. See Section 5.2, “Configuring Trusted Root Certificates,” on page 29 for information about configuring the trusted root container.
- Certificate revocation checking is properly configured. See Section 5.3, “Configuring Certificate Revocation Checking,” on page 31 for more information.
- CRL and OCSP revocation checking requires connectivity to the CRL Distribution Point or OCSP Responder. If the information is unavailable, the validation process fails.

When using OCSP validation, the OCSP response is signed by the responder's certificate. For the response to be considered valid, the responder's certificate must be trusted. Place the OCSP responder's trusted root certificate in the trusted root container to identify it as trusted.
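The checklist above maps onto a small set of X.509 checks that an administrator can reproduce offline to narrow down which item is failing. The following Go program is an added example, not code from the Novell method or this guide: it builds a constructed in-memory PKI (a hypothetical "Example Issuing CA" and a login certificate for user "jdoe", serial 1001), signs a CRL with that CA in place of what a CRL Distribution Point would serve, and then runs one scenario per checklist item: a valid certificate, an expired one, a missing trusted root, an unreachable CRL, a stale CRL, and a revoked serial. The OCSP responder-trust point is not shown because Go's standard library has no OCSP parser; the same rule applies, the responder's signing certificate must chain to a root in the trust store.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// testPKI is a constructed, in-memory PKI: one issuing CA and one smart card
// login certificate it signed. Names and serial numbers are hypothetical.
type testPKI struct {
	caCert *x509.Certificate
	caKey  *ecdsa.PrivateKey
	leaf   *x509.Certificate
}

func mustCert(tpl, parent *x509.Certificate, pub interface{}, signer *ecdsa.PrivateKey) *x509.Certificate {
	der, err := x509.CreateCertificate(rand.Reader, tpl, parent, pub, signer)
	if err != nil {
		panic(err)
	}
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		panic(err)
	}
	return cert
}

func newTestPKI(now time.Time) *testPKI {
	caKey, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	caTpl := &x509.Certificate{
		SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "Example Issuing CA"},
		NotBefore: now.Add(-time.Hour), NotAfter: now.Add(10 * 365 * 24 * time.Hour),
		IsCA: true, BasicConstraintsValid: true,
		KeyUsage: x509.KeyUsageCertSign | x509.KeyUsageCRLSign, // CRLSign needed to issue CRLs
	}
	ca := mustCert(caTpl, caTpl, &caKey.PublicKey, caKey) // self-signed root
	leafKey, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	leafTpl := &x509.Certificate{
		SerialNumber: big.NewInt(1001), Subject: pkix.Name{CommonName: "jdoe"},
		NotBefore: now.Add(-time.Hour), NotAfter: now.Add(365 * 24 * time.Hour),
		KeyUsage:    x509.KeyUsageDigitalSignature,
		ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth},
	}
	return &testPKI{ca, caKey, mustCert(leafTpl, ca, &leafKey.PublicKey, caKey)}
}

// issueCRL signs a CRL with the test CA; it stands in for the CRL that the
// CRL Distribution Point would serve. Revoked serials are optional.
func issueCRL(pki *testPKI, thisUpdate, nextUpdate time.Time, revoked ...*big.Int) []byte {
	tpl := &x509.RevocationList{Number: big.NewInt(1), ThisUpdate: thisUpdate, NextUpdate: nextUpdate}
	for _, serial := range revoked {
		tpl.RevokedCertificates = append(tpl.RevokedCertificates,
			pkix.RevokedCertificate{SerialNumber: serial, RevocationTime: thisUpdate})
	}
	der, err := x509.CreateRevocationList(rand.Reader, tpl, pki.caCert, pki.caKey)
	if err != nil {
		panic(err)
	}
	return der
}

// validateLoginCert applies the checklist in troubleshooting order: validity
// period, chain to a trusted root, CRL available, CRL signed by the issuer and
// still current, serial not on the list. A nil crlDER models an unreachable CDP.
func validateLoginCert(leaf *x509.Certificate, roots *x509.CertPool, crlDER []byte, now time.Time) error {
	chains, err := leaf.Verify(x509.VerifyOptions{Roots: roots, CurrentTime: now,
		KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}})
	if err != nil {
		var invalid x509.CertificateInvalidError
		if errors.As(err, &invalid) && invalid.Reason == x509.Expired {
			return fmt.Errorf("certificate expired or not yet valid: %w", err)
		}
		return fmt.Errorf("no trusted root for this certificate in the trusted root container: %w", err)
	}
	if crlDER == nil {
		return errors.New("revocation information unavailable: CRL Distribution Point not reachable")
	}
	crl, err := x509.ParseRevocationList(crlDER)
	if err != nil {
		return fmt.Errorf("CRL could not be parsed: %w", err)
	}
	issuer := chains[0][1] // the certificate that signed the leaf in the verified chain
	if err := crl.CheckSignatureFrom(issuer); err != nil {
		return fmt.Errorf("CRL not signed by the certificate's issuer: %w", err)
	}
	if now.After(crl.NextUpdate) {
		return errors.New("CRL expired: a fresh CRL must be retrieved")
	}
	for _, entry := range crl.RevokedCertificates {
		if entry.SerialNumber.Cmp(leaf.SerialNumber) == 0 {
			return fmt.Errorf("certificate serial %s revoked at %s", leaf.SerialNumber,
				entry.RevocationTime.UTC().Format(time.RFC3339))
		}
	}
	return nil
}

// runChecklist exercises one scenario per checklist item and returns the
// message produced for each ("" when validation passes).
func runChecklist() map[string]string {
	now := time.Now()
	pki := newTestPKI(now)
	roots := x509.NewCertPool()
	roots.AddCert(pki.caCert)
	fresh := issueCRL(pki, now.Add(-time.Minute), now.Add(24*time.Hour))
	stale := issueCRL(pki, now.Add(-48*time.Hour), now.Add(-24*time.Hour))
	revoking := issueCRL(pki, now.Add(-time.Minute), now.Add(24*time.Hour), pki.leaf.SerialNumber)
	cases := map[string]error{
		"valid":           validateLoginCert(pki.leaf, roots, fresh, now),
		"expired":         validateLoginCert(pki.leaf, roots, fresh, now.Add(2*365*24*time.Hour)),
		"untrusted root":  validateLoginCert(pki.leaf, x509.NewCertPool(), fresh, now),
		"crl unavailable": validateLoginCert(pki.leaf, roots, nil, now),
		"stale crl":       validateLoginCert(pki.leaf, roots, stale, now),
		"revoked":         validateLoginCert(pki.leaf, roots, revoking, now),
	}
	out := map[string]string{}
	for name, err := range cases {
		out[name] = ""
		if err != nil {
			out[name] = err.Error()
		}
	}
	return out
}

func main() {
	for name, msg := range runChecklist() {
		fmt.Printf("%-16s %s\n", name, msg)
	}
}
```

The ordering inside validateLoginCert matters for diagnosis: an expired certificate is reported before any trust or revocation question, and a revocation lookup is only meaningful once the CRL has been shown to come from the issuer and to be current, which is why a CRL past its NextUpdate is treated as a failure rather than silently accepted.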

Source: Novell Enhanced Smart Card Method Installation Guide (Enhanced Smart Card Method 3.0.1), July 17, 2007.