Chapter 1. Introduction to the Enterprise Security Client
The Enterprise Security Client is a tool for Red Hat Certificate System which simplifies managing
smart cards. End users can use security tokens (smart cards) to store user certificates used for
applications such as single sign-on access and client authentication. End users are issued the tokens
containing certificates and keys required for signing, encryption, and other cryptographic functions.
The Enterprise Security Client is the third part of Certificate System's complete token management
system. Two subsystems — the Token Key Service (TKS) and Token Processing System (TPS) — are
used to process token-related operations. The Enterprise Security Client is the interface which allows
the smart card and user to access the token management system.
After a token is enrolled, applications such as Mozilla Firefox and Thunderbird can be configured to
recognize the token and use it for security operations, like client authentication and S/MIME mail.
Enterprise Security Client provides the following capabilities:
• Supports Global Platform-compliant smart cards like Gemalto 64K V2 and Safenet 300J Java smart
cards.
• Enrolls security tokens so they are recognized by TPS.
• Maintains the security token, such as re-enrolling a token with TPS.
• Provides information about the current status of the token or tokens being managed.
• Supports server-side key generation through the TPS and DRM subsystems so that keys can be
archived and recovered on a separate token if a token is lost.
1.1. Red Hat Enterprise Linux, Single Sign-On, and Authentication
Network users frequently have to submit multiple passwords for the various services they use, such as
email, web browsing and intranets, and servers on the network. Maintaining multiple passwords, and
constantly being prompted to enter them, is a hassle for users and administrators. Single sign-on is a
configuration which allows administrators to create a single password store so that users can log in
once, using a single password, and be authenticated against all network resources.
Red Hat Enterprise Linux 5.3 supports single sign-on for several resources, including logging into
workstations and unlocking screensavers, accessing encrypted web pages using Mozilla Firefox, and
sending encrypted email using Mozilla Thunderbird.
Single sign-on is both a convenience to users and another layer of security for the server and the
network. Single sign-on hinges on secure and effective authentication, and the Enterprise Security
Client ties into the public-key infrastructure implemented by Red Hat Certificate System.
One of the cornerstones of establishing a secure network environment is making sure that access is
restricted to people who have the right to access the network. This access is allowed when the user
can authenticate to the system, meaning the user can verify his identity. One method of verifying an
identity is presenting a certificate. A certificate is an electronic document which identifies the entity
which presents it.