Setting Up Directory Based Enrollment - Red Hat CERTIFICATE SYSTEM 7.1 - ADMINISTRATOR Administrator's Manual

Automated Enrollment
Pin Based Enrollment. End entities are authenticated against an LDAP directory using their user ID, password, and a PIN that you set up in their directory entry and then give to the end entity. See "Setting Up Pin Based Enrollment," on page 377.

Portal Enrollment. End users are registered into an LDAP directory and issued a certificate. If the user already has an entry in the directory, they are authenticated against the directory and then issued a certificate. See "Setting Up Portal Enrollment," on page 382.

CMCAuth. This plug-in allows you to create your own clients, send agent-signed requests, and have those requests processed. See "Setting Up CMC Enrollment," on page 385.

AgentCertAuth. This plug-in allows you to set up automated authentication of agents, who can get server certificates through an automated process once they successfully authenticate. The agent is authenticated by presenting their agent certificate. If the certificate they present is the agent certificate that is stored in the database for this user ID, the request for the server certificate is automatically processed. This plug-in is enabled by default and has no parameters. It can only be used in the certificate profile framework: you can associate this automated authentication method with the certificate profile for enrolling for server certificates, but you cannot use the plug-in outside that framework.

You can create custom plug-in modules for other methods of authentication using the CS SDK. You must register and enable any custom plug-ins you create.

Setting Up Directory Based Enrollment

The UidPwdDirAuth and the UdnPwdDirAuth plug-in modules implement the directory-based authentication method. End users enroll for a certificate by providing their user ID or DN and their password, which are used to authenticate to an LDAP directory.

To set up directory-based authentication, do the following:

Create an instance of either the UidPwdDirAuth or UdnPwdDirAuth authentication plug-in module and then configure the instance. See "Setting Up the UidPwdDirAuth or UdnPwdDirAuth Authentication," on page 375 for details.

Set any policies for certificate extensions or for constraints on certificates. See Chapter 12, "Policies" for information about policies. Alternatively, you can enroll users through the certificate profile functionality, setting policies for specific certificates in the certificate profile. See Chapter 11, "Certificate Profiles" for information about policies.

Red Hat Certificate System Administrator's Guide • September 2005
