Usually, the parameters which need to be updated are the Directory Server's host name, Directory
Manager's bind password, and PIN manager's password.
d. Run the setpin command with its optfile option pointing to the setpin.conf file.
setpin optfile=/usr/lib/pki/native-tools/setpin.conf
The tool modifies the schema with a new attribute (by default, pin) and a new object class
(by default, pinPerson), creates a pinmanager user, and sets the ACI to allow only the
pinmanager user to modify the pin attribute.
e. To generate PINs for specific user entries or to provide user-defined PINs, add these PINs
using an input file. For information on constructing an input file, see the PIN generator chapter
in the Certificate System Command-Line Tools Guide.
f. Run the setpin command to create hashed PINs in the directory.
Run the tool first without the write option to generate a list of PINs without actually changing
the directory.
For example:
setpin host=yourhost port=9446 length=11 input=infile output=outfile write
"binddn=cn=pinmanager,o=example.com" bindpw="password" basedn=o=example.com
"filter=(uid=u*)"
g. Use the output file for delivering PINs to users after setting up the required
authentication method.
After confirming that the PIN-based enrollment works, deliver the PINs to users so they can
use them during enrollment. To protect the privacy of PINs, use a secure, out-of-band delivery
method.
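An added example, not part of the original guide: a shell wrapper for the setpin run in step f that separates the preview run from the write run and keeps the output file, which holds the PINs to be delivered, readable by its owner only. The function name run_setpin and the SETPIN override variable are assumptions made for this example; the setpin arguments are the ones shown in the command above.

```shell
#!/bin/sh
# Added example: preview-then-write wrapper around the setpin run in step f.
# SETPIN may be overridden (for example with a stub) when testing the wrapper.
SETPIN="${SETPIN:-setpin}"

# run_setpin MODE OUTFILE [setpin arguments...]
#   MODE=preview  runs setpin without "write": PINs are listed, directory unchanged
#   MODE=write    appends "write": hashed PINs are stored in the directory
run_setpin() {
    mode=$1
    out=$2
    shift 2
    case "$mode" in
        preview) extra= ;;
        write)   extra=write ;;
        *) echo "mode must be preview or write" >&2; return 2 ;;
    esac
    # Never reuse an existing file: it may carry looser permissions
    # or PINs left over from an earlier run.
    if [ -e "$out" ]; then
        echo "$out already exists, refusing to overwrite" >&2
        return 3
    fi
    (
        umask 077   # the output file holds the PINs, so create it owner-only
        # $extra is intentionally unquoted: it expands to nothing in preview mode
        "$SETPIN" "$@" output="$out" $extra
    ) || return 1
    # Tighten the mode even if the tool ignored the umask.
    if [ -f "$out" ]; then chmod 600 "$out"; fi
}

# Usage, with the placeholder host, DNs and filter from the command above
# and the bind password held in the shell variable PW:
#   run_setpin preview pins.preview host=yourhost port=9446 length=11 \
#       "binddn=cn=pinmanager,o=example.com" bindpw="$PW" \
#       basedn=o=example.com "filter=(uid=u*)"
#   Review pins.preview, delete it, then repeat with MODE=write and a new file.
```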
2. Set the policies for specific certificates in the certificate profiles to enroll users. See
Chapter 2, Making Rules for Issuing Certificates for information about certificate profile policies.
3. Create and configure an instance of the UidPwdPinDirAuth authentication plug-in.
a. Open the CA Console.
pkiconsole https://server.example.com:9445/ca
b. In the Configuration tab, select Authentication in the navigation tree.
The right pane shows the Authentication Instance tab, which lists the currently configured
authentication instances.
c. Click Add.
The Select Authentication Plug-in Implementation window appears.
d. Select the UidPwdPinDirAuth plug-in module.
Setting up PIN-Based Enrollment