Chapter 15. Authentication for Enrolling Certificates
setpin host=yourhost port=9446 length=11 input=infile output=outfile write \
    "binddn=cn=pinmanager,o=example.com" bindpw="password" basedn=o=example.com \
    "filter=(uid=u*)"
g. Use the output file to deliver the PINs to users once the required authentication method
has been set up.
After confirming that PIN-based enrollment works, deliver the PINs to users so they can use
them during enrollment. Deliver PINs through a secure, out-of-band channel: the PIN is an
enrollment credential, and anyone who obtains it together with the user's directory password
can enroll for a certificate in that user's name.
2. Set the policies for specific certificates in the certificate profiles used to enroll users. See
Chapter 12, Certificate Profiles for information about certificate profile policies.
3. Create and configure an instance of the UidPwdPinDirAuth authentication plug-in.
a. Open the CA Console.
pkiconsole https://server.example.com:9443/ca
b. In the Configuration tab, select Authentication in the navigation tree.
The right pane shows the Authentication Instance tab, which lists the currently configured
authentication instances.
c. Click Add.
The Select Authentication Plug-in Implementation window appears.
d. Select the UidPwdPinDirAuth plug-in module.
e. Fill in the following fields in the Authentication Instance Editor window:
• Authentication Instance ID. Accept the default instance name or enter a new name.
• removePin. Sets whether to remove the PIN from the user's directory entry after the user
authenticates successfully. Removing the PIN makes it single-use: the user cannot enroll a
second time with the same PIN and so cannot obtain more than one certificate through this
authentication instance.
• pinAttr. Specifies the authentication directory attribute that holds the PIN. It must match the
attribute the PIN Generator utility (setpin) writes PINs to, as configured in the setpin.conf
file; the default attribute name is pin.
• dnpattern. Specifies a pattern string from which the certificate subject name is formulated,
using values taken from the authenticated user's directory attributes and entry DN.
• ldapStringAttributes. Specifies the list of LDAP string attributes that should be considered
authentic for the end entity. Entering values for this parameter is optional.
• ldapByteAttributes. Specifies the list of LDAP byte (binary) attributes that should be
considered authentic for the end entity. If specified, the values corresponding to these
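The following is an added example, not code from the Certificate System product or this
manual. It models the UID/password/PIN check the UidPwdPinDirAuth instance performs,
using a constructed in-memory stand-in for the LDAP directory so it runs offline. The
attribute names, the dnpattern string with its $attr.<name> and $dn.<name> tokens, and the
sample entries are assumptions chosen for illustration. It shows the effect of removePin (a
PIN works exactly once when the setting is on) and why a consumed or missing PIN must fail
closed rather than fall back to password-only authentication.

```python
"""Model of UID + password + PIN authentication against a directory.

Added example (not the UidPwdPinDirAuth plug-in's code). The directory is a
constructed in-memory dictionary; attribute names are stored lowercased.
"""
import hmac
import re

# Assumed instance settings, mirroring the fields described in the text.
PIN_ATTR = "pin"
REMOVE_PIN = True
DN_PATTERN = "UID=$attr.uid, OU=$dn.ou, O=$dn.o, C=US"   # assumed pattern
LDAP_STRING_ATTRS = ["mail"]                               # assumed list


def make_directory():
    """Constructed sample entries standing in for the authentication directory."""
    return {
        "uid=jsmith,ou=people,o=example.com": {
            "uid": "jsmith",
            "userpassword": "correct horse",
            "mail": "jsmith@example.com",
            "pin": "7P3k9Qz2LmX",      # written by setpin, not yet used
        },
        "uid=adoe,ou=people,o=example.com": {
            "uid": "adoe",
            "userpassword": "battery staple",
            "mail": "adoe@example.com",
            # no pin attribute: PIN already consumed or never issued
        },
    }


def _dn_components(dn):
    """Map each RDN type in a DN to its first value, e.g. {'ou': 'people'}."""
    comps = {}
    for rdn in dn.split(","):
        key, _, value = rdn.strip().partition("=")
        comps.setdefault(key.lower(), value)
    return comps


def formulate_subject(pattern, dn, attrs):
    """Expand $attr.<name> (entry attribute) and $dn.<name> (DN component)."""
    comps = _dn_components(dn)

    def replace(match):
        kind, name = match.group(1), match.group(2).lower()
        return attrs[name] if kind == "attr" else comps[name]

    return re.sub(r"\$(attr|dn)\.([A-Za-z0-9]+)", replace, pattern)


def authenticate(directory, uid, password, pin, remove_pin=REMOVE_PIN):
    """Return (subject_dn, string_attrs) on success, or None on any failure.

    Every failure returns the same None so a caller cannot distinguish a bad
    password from a missing or already consumed PIN.
    """
    matches = [(dn, a) for dn, a in directory.items() if a.get("uid") == uid]
    if len(matches) != 1:                       # unknown or ambiguous uid
        return None
    dn, attrs = matches[0]

    # The real plug-in binds to the directory as the user; modelled here as
    # a constant-time comparison against the stored password.
    stored_pw = attrs.get("userpassword", "")
    if not hmac.compare_digest(stored_pw.encode(), password.encode()):
        return None

    stored_pin = attrs.get(PIN_ATTR)
    if stored_pin is None:                      # consumed PIN: fail closed
        return None
    if not hmac.compare_digest(stored_pin.encode(), pin.encode()):
        return None

    if remove_pin:
        del attrs[PIN_ATTR]                     # one PIN, one enrollment

    subject = formulate_subject(DN_PATTERN, dn, attrs)
    authentic = {k: attrs[k] for k in LDAP_STRING_ATTRS if k in attrs}
    return subject, authentic


if __name__ == "__main__":
    directory = make_directory()
    print(authenticate(directory, "jsmith", "correct horse", "7P3k9Qz2LmX"))
    # Same credentials again: the PIN is gone, so this yields None.
    print(authenticate(directory, "jsmith", "correct horse", "7P3k9Qz2LmX"))
```

With removePin set to false the second call above would succeed as well, which is exactly
the condition under which a user can enroll repeatedly and collect more than one certificate.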