• CMCAuth. Clients are created and sent agent-signed requests. Those requests are then processed,
and the certificate issued. See Section 15.4, "Setting up CMC Enrollment".
• AgentCertAuth. Agents who are successfully issued server certificates through an automated
process are automatically authenticated when they present the agent certificate. If the certificate
presented is the agent certificate stored in the database for the user ID, the request for the server
certificate is automatically processed. This plug-in is enabled by default and has no parameters.
This form of automatic authentication can be associated with the certificate profile for enrolling for
server certificates.
Custom plug-in modules for other methods of authentication can be created using the CS SDK. All
custom plug-ins must be registered and enabled.
15.3.1. Setting up Directory-Based Authentication
The UidPwdDirAuth and the UdnPwdDirAuth plug-in modules implement directory-based
authentication. End users enroll for a certificate by providing their user IDs or DN and password to
authenticate to an LDAP directory.
Set up directory-based authentication by doing the following:
1. Create an instance of either the UidPwdDirAuth or UdnPwdDirAuth authentication plug-in
module and configure the instance.
a. Open the CA Console.
pkiconsole https://server.example.com:9443/ca
b. In the Configuration tab, select Authentication in the navigation tree.
The right pane shows the Authentication Instance tab, which lists the currently configured
authentication instances.
NOTE
The UidPwdDirAuth plug-in is enabled by default.
c. Click Add.
The Select Authentication Plug-in Implementation window appears.
d. Select UidPwdDirAuth for user ID and password authentication, or select UdnPwdDirAuth
for DN and password authentication.
e. Fill in the following fields in the Authentication Instance Editor window:
• Authentication Instance ID. Accept the default instance name, or enter a new name.
• dnpattern. Specifies a string representing a subject name pattern to formulate from the
directory attributes and entry DN.
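The dnpattern field above determines which directory data ends up in the issued certificate's subject name. The Python below is an added illustration, not code from Certificate System or from this guide, and expands a pattern against a constructed entry. The $attr.name.n and $dn.name.n reference syntax is assumed from Certificate System documentation; the 1-based numbering, the error raised for a missing value, the escaping step and all function names are assumptions of this example.

```python
import re

# Reference syntax assumed from Certificate System documentation:
#   NAME=$attr.<ldapAttr>[.<n>]  value from an attribute of the user's entry
#   NAME=$dn.<rdnType>[.<n>]     value from a component of the entry DN
#   NAME=<literal>               constant text
_AVA = re.compile(r"^\s*([A-Za-z]+)\s*=\s*(.*?)\s*$")
_REF = re.compile(r"^\$(attr|dn)\.([A-Za-z0-9-]+)(?:\.(\d+))?$")
_COMMA = re.compile(r"(?<!\\),")  # unescaped comma (simplified DN splitting)

def split_dn(dn):
    """Return (type, value) pairs for each RDN of a single-valued-RDN DN."""
    pairs = []
    for rdn in _COMMA.split(dn):
        rdn_type, _, value = rdn.partition("=")
        pairs.append((rdn_type.strip().lower(), value.strip()))
    return pairs

def escape_value(value):
    """Escape DN metacharacters so attribute data cannot add or split RDNs."""
    return re.sub(r'([,+"\\<>;])', r"\\\1", value)

def formulate_subject(dnpattern, entry_dn, attrs):
    """Expand dnpattern against one directory entry (n is 1-based: assumption)."""
    dn_parts = split_dn(entry_dn)
    subject = []
    for component in _COMMA.split(dnpattern):
        match = _AVA.match(component)
        if not match:
            raise ValueError(f"bad pattern component: {component!r}")
        name, value = match.groups()
        ref = _REF.match(value)
        if ref:
            source, key = ref.group(1), ref.group(2).lower()
            index = int(ref.group(3) or 1)
            if source == "attr":
                values = [escape_value(v) for v in attrs.get(key, [])]
            else:  # DN components keep the escaping they already carry
                values = [v for t, v in dn_parts if t == key]
            if not 1 <= index <= len(values):
                raise LookupError(f"entry has no value {index} for ${source}.{key}")
            value = values[index - 1]
        subject.append(f"{name}={value}")
    return ",".join(subject)

# Constructed sample entry, not taken from the guide.
ENTRY_DN = "uid=jsmith,ou=Engineering,ou=People,o=Example Corp,c=US"
ENTRY_ATTRS = {"cn": ["Smith, Jane"], "mail": ["jsmith@example.com"]}
PATTERN = "E=$attr.mail.1,CN=$attr.cn,OU=$dn.ou.2,O=$dn.o,C=US"
```

Every $attr reference copies directory-controlled data into the certificate, so write access to those attributes in the LDAP directory should be as restricted as the subject names are trusted.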