Netscape MANAGEMENT SYSTEM 4.5 - PLUG-IN Manual page 58

Enrollment Forms
Default forms for end-entity enrollment (Continued)
Table 1-6
Menu link and form filename
Directory and PIN
(DirPinUserEnroll.html)
NIS
(NISUserEnroll.html)
Portal
(PortalEnrollment.html)
Certificate
(CertBasedDualEnroll.html)
Server (This section lists menu options for SSL server, Registration Manager, Certificate Manager, and
OCSP Responder enrollments.)
SSL Server
(ManServerEnroll.html)
58 Netscape Certificate Management System Plug-ins Guide • October 2001
Description
This form works with the UidPwdPinDirAuth module, enabling end
users to request SSL client and S/MIME certificates by entering their
user IDs, passwords, and PINs for the configured directory; the server
verifies this information against the specified directory and issues the
certificate.
This form works with the NISAuth module, enabling end users to
request SSL client and S/MIME certificates by entering their NIS user
IDs and passwords for the configured NIS server.
This form works with the PortalEnroll module, enabling end
users to register for an online service and at the same time submit a
request for a personal certificate. Note that the form models the
standard LDAP object class inetOrgPerson, which has many useful
attributes that can be used in a real portal deployment.
As a part of registration, a user is required (by the portal
authentication module) to supply a user ID and password for user ID
validation and a first and last name for user registration. Entering
information in other fields are optional; the server retrieves the rest of
the information needed to construct the subject name for the
certificate from the directory. As explained in "PortalEnroll Plug-in
Module" on page 44, if the user ID is unique, the server issues a
certificate and registers the user automatically. To protect the privacy
of a user's password, the server turns it in to a SHA-1 or MD5 hashed
password before storing it in the directory.
This form by default works with the UidPwdDirAuth module,
enabling end users to request dual certificates (one for signing another
for encryption) by submitting pre-issued certificates as authentication
tokens; the server verifies the CA that has issued the certificate, uses
the configured directory to formulate the subject names for the new
certificates, and issues the certificate.
Note that the link appears only if you create an instance of the
UidPwdDirAuth module and if the port number specified in the
instance configuration is an SSL port. For details, see
"Certificate-Based Enrollment" on page 52.
Server administrators can use this form to request SSL server
certificates for SSL-enabled servers, such as Netscape Administration
Server and Netscape Directory Server. Requests submitted using this
form get queued for agent approval.