Configuring A Registration Manager; Setting Up Trust With A Ca; Adding Users; Configuring Authorization - Red Hat CERTIFICATE SYSTEM 7.1 - ADMINISTRATOR Administrator's Manual
Hide thumbs
Also See for CERTIFICATE SYSTEM 7.1 - ADMINISTRATOR:
Table of Contents
Advertisement
Configuring a Registration Manager
Configuring a Registration Manager
This section details the areas that you can configure for the Registration Manager and points
you to specific information on configuring those sets of features.
Setting Up Trust With a CA
You need to set up the Registration Manager as a trusted manager in the Certificate
Manager that issues certificates for the Registration Manager. If you got the Registration
Manager signing certificate from a CS CA, you could have set up this relationship when
you issued this certificate by selecting this option in the agent services interface on the
request page used to approve the request. If you have done this, you do not need to further
configure the Registration Manager for the trusted relationship. If you did not do this, you
need to set this up. You set up a trusted relationship by creating a user entry for the
Registration Manager in the Certificate Manager, adding that user to the Trusted Manager
group, and storing the certificate for the Registration Manager in the user entry. See
"Setting Up a Trusted Manager," on page 321 for details.
Adding Users
Once the Registration Manager is installed, you need to add users and assign them to the
administrator, agent, and auditor roles. If you selected the option to have the administrator
created during installation also act as an agent, then the administrator is your first agent. If
you did not, you need to create an agent user who can access the agent services interface.
See Chapter 9, "Authorization" for details on adding users and assigning them to groups.
Configuring Authorization
Each subsystem has a set of predefined roles that are assigned a default set of privileges.
You create users in the CS database and then assign them to a group to give them the
privileges of that group. The privileges assigned to a group are controlled by Access
Control Instructions (ACIs) placed in Access Control Lists (ACLs). ACLs define points that
need specific authorization. Generally, each defines a distinct set of functionality for the
server. ACIs define what operations can or cannot be performed by a user, group, or IP
address for that particular ACL. You can change the default ACIs set up in the ACLs to
change the privileges of a user, group, or IP address. You can also create new groups and
assign privileges to those groups by adding ACI entries for that group in the ACLs. For
complete details about creating users, assigning users to groups, creating groups, and
changing ACIs and ACLs, see Chapter 9, "Authorization."
Chapter 4
Registration Manager
145
Advertisement
Table of Contents
