Setting Up Users To Be Enrolled; Enrolling A Smart Card Automatically - Red Hat CERTIFICATE SYSTEM 8.0 - MANAGING SMART CARDS WITH THE ENTERPRISE SECURITY CLIENT 1-23-2010 Manual

Chapter 3. Using the Enterprise Security Client
configuration URI is accessed, the TPS server is prompted to return all of the Phone Home information
to the Enterprise Security Client.
To test the URL of the Smart Card server, enter the address in the TPS Config URI field, and click
Test URL.
If the server is successfully contacted, a message box indicates success. If the test connection fails,
an error dialog appears.

3.4. Setting up Users to Be Enrolled

When the Token Processing System (TPS) is installed, one of its configuration settings is the LDAP directory
used to recognize users who are allowed to enroll a token. Only users who have an entry in this
authentication directory are allowed to enroll, format, or hold a token. Before attempting to enroll
a token or smart card, make sure that the person requesting the operation has an entry in the LDAP
directory.
The TPS is configured to look at a specific base DN in the LDAP directory. This is configured in the
TPS's CS.cfg:
auth.instance.0.baseDN=dc=example,dc=com
auth.instance.0.hostport=server.example.com:389
For a user to be allowed to enroll a token, the user must be somewhere below the base DN.
If the user does not already have an entry, then the administrator must add the user to the specified
LDAP directory, below the specified base DN, before any tokens can be enrolled for the user. The
LDIF entry is read from standard input; note that the person object class requires both cn and sn,
so the entry must carry a surname:
/usr/bin/ldapmodify -a -D "cn=Directory Manager" -w secret -p 389 -h server.example.com
dn: uid=jsmith,ou=People,dc=example,dc=com
objectclass: person
objectclass: inetorgperson
objectclass: top
uid: jsmith
cn: John Smith
sn: Smith
email: jsmith@example.com
userPassword: secret
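The two rules above (the entry must sit below a configured auth.instance.N.baseDN, and it must satisfy its object classes) can be checked before ldapmodify is run. The following script is an added example, not code from the manual or from Certificate System; the CS.cfg lines and LDIF entry are constructed samples, and the DN handling is simplified (escaped commas and multi-valued RDNs are not handled).

```python
import re

# Constructed samples: the CS.cfg auth lines quoted above and a candidate LDIF entry.
SAMPLE_CS_CFG = ("auth.instance.0.baseDN=dc=example,dc=com\n"
                 "auth.instance.0.hostport=server.example.com:389\n")
SAMPLE_ENTRY = ("dn: uid=jsmith,ou=People, dc=example,dc=com\n"
                "objectclass: person\nobjectclass: inetorgperson\nobjectclass: top\n"
                "uid: jsmith\ncn: John Smith\nsn: Smith\nemail: jsmith@example.com\n")
# Attributes that the standard person and inetOrgPerson object classes require.
REQUIRED_ATTRS = {"person": {"cn", "sn"}, "inetorgperson": {"cn", "sn"}}

def parse_auth_instances(cfg_text):
    """Collect auth.instance.<n>.<key>=<value> lines into {n: {key: value}}."""
    instances = {}
    for line in cfg_text.splitlines():
        m = re.match(r"auth\.instance\.(\d+)\.(\w+)=(.*)", line.strip())
        if m:
            instances.setdefault(int(m.group(1)), {})[m.group(2)] = m.group(3).strip()
    return instances

def is_below_base_dn(user_dn, base_dn):
    """True if user_dn is strictly beneath base_dn, as the TPS requires.
    RDNs compare case-insensitively and whitespace after commas is ignored
    (simplified: escaped commas and multi-valued RDNs are not handled)."""
    user, base = ([rdn.strip().lower() for rdn in dn.split(",")]
                  for dn in (user_dn, base_dn))
    return len(user) > len(base) and user[-len(base):] == base

def parse_ldif_entry(ldif_text):
    """Minimal LDIF reader: attribute -> [values] (no base64 or continuation lines)."""
    entry = {}
    for line in ldif_text.splitlines():
        if ":" in line and not line.startswith("#"):
            name, value = line.split(":", 1)
            entry.setdefault(name.strip().lower(), []).append(value.strip())
    return entry

def check_entry(ldif_text, cfg_text):
    """Return the problems that would block enrollment; an empty list means OK."""
    entry = parse_ldif_entry(ldif_text)
    dn = entry.get("dn", [""])[0]
    bases = [i["baseDN"] for i in parse_auth_instances(cfg_text).values() if "baseDN" in i]
    problems = [] if any(is_below_base_dn(dn, b) for b in bases) else [
        f"{dn!r} is not below any configured baseDN {bases}"]
    missing = set()
    for oc in entry.get("objectclass", []):
        missing |= REQUIRED_ATTRS.get(oc.lower(), set()) - set(entry)
    problems += [f"required attribute '{a}' is missing" for a in sorted(missing)]
    return problems
```

Run check_entry(SAMPLE_ENTRY, SAMPLE_CS_CFG) on a real CS.cfg and LDIF file to see which of the two conditions an entry fails before it is added.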

3.5. Enrolling a Smart Card Automatically

Because the Enterprise Security Client is configured through the Phone Home feature, and the
information needed to contact the backend TPS server is provided with each smart card, enrolling a
smart card is straightforward: the user is guided quickly through the procedure.
To enroll an uninitialized smart card:
NOTE
This procedure assumes that the smart card is uninitialized and the appropriate Phone
Home information has been configured.
1. Ensure that the Enterprise Security Client is running.