• Encryption
• The encryption key version and type
channel.blocksize=248
channel.defKeyIndex=0
channel.defKeyVersion=0
channel.encryption=true
Example 5.3. Default TPS-Token Channel Configuration
The defKeyIndex and defKeyVersion parameters should remain at their default values, as in
Example 5.3, "Default TPS-Token Channel Configuration".
The channel.encryption configuration parameter sets whether to use an encrypted channel
between the TPS and tokens managed by the Enterprise Security Client.
channel.encryption=true
For security, the channel.encryption parameter should always be set to
true, the default.
5.7.3. Configuring or Disabling LDAP Authentication
The TPS, by default, requires a user to authenticate to an LDAP directory when a smart card operation
request is received. There are three parameters for this which can be set for each separate token
operation:
op.operation.key_type.auth.enable=true|false
op.operation.key_type.auth.id=ldap_db_config_entry
op.operation.key_type.loginRequest.enable=true|false
Setting these parameters determines whether LDAP authentication is required, which LDAP
directory to use for the authentication (by referencing its entry in the TPS CS.cfg file), and whether to
send the login request to the smart card client program.
NOTE
The user must have an existing LDAP user entry in the LDAP server instance specified in
the TPS's CS.cfg file in order to complete the operation.
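The following check is an added example, not part of the original guide or of Certificate System. It reads the text of a TPS CS.cfg and reports channel settings that differ from the defaults in Example 5.3, as well as token operations with LDAP authentication disabled or lacking an auth.id entry. The function names, the operation and token type names (enroll.userKey, format.tokenKey, pinReset.userKey) and the ldap1 entry in the sample are assumptions constructed for illustration.

```python
import re

# Expected values are the defaults shown in Example 5.3 of the guide.
EXPECTED_CHANNEL = {
    "channel.encryption": "true",
    "channel.defKeyIndex": "0",
    "channel.defKeyVersion": "0",
}
# Captures the op.<operation>.<type> prefix of every auth.enable parameter.
AUTH_RE = re.compile(r"^(op\.[^.]+\.[^.]+)\.auth\.enable$")

# Constructed sample input, not taken from a real deployment.
SAMPLE = """\
channel.defKeyIndex=0
channel.defKeyVersion=0
channel.encryption=false
op.enroll.userKey.auth.enable=true
op.enroll.userKey.auth.id=ldap1
op.format.tokenKey.auth.enable=false
op.pinReset.userKey.auth.enable=true
"""


def parse_cfg(text):
    """Parse key=value lines, skipping blanks and # comments; last value wins."""
    cfg = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            cfg[key.strip()] = value.strip()
    return cfg


def audit_tps_cfg(text):
    """Return sorted findings for the channel and LDAP authentication settings."""
    cfg = parse_cfg(text)
    findings = []
    for key, want in EXPECTED_CHANNEL.items():
        got = cfg.get(key, "<unset>")
        if got.lower() != want:
            findings.append(f"{key}={got} (expected {want})")
    for key, value in cfg.items():
        m = AUTH_RE.match(key)
        if m and value.lower() != "true":
            findings.append(f"{m.group(1)}: LDAP authentication is disabled")
        elif m and not cfg.get(f"{m.group(1)}.auth.id"):
            findings.append(f"{m.group(1)}: auth.enable=true but auth.id is not set")
    return sorted(findings)
```

Run audit_tps_cfg() on the contents of CS.cfg after editing it and before restarting the subsystem; an empty list means the checked settings match the expectations above.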
To configure LDAP authentication:
1. Stop the TPS subsystem.
service pki-tps stop
2. Set the authentication parameters.
op.operation_type.token_type.loginRequest.enable=false|true
op.operation_type.token_type.auth.id=ldap_db_config_entry
op.operation_type.token_type.auth.enable=false|true