Step E. Check The Output File; Step F. Run The Command Again With The Write Option; Step 3. Enable The Attributepresentconstraints Policy - Netscape MANAGEMENT SYSTEM 4.5 Installation And Setup Manual

Hide thumbs Also See for NETSCAPE MANAGEMENT SYSTEM 4.5:
Table of Contents

Advertisement

Configuring Authentication for End-User Enrollment

Step E. Check the Output File

Check the output file to be sure it contains PINs for your users; the output should
look similar to the one specified in PIN Generator documentation.
Next, verify that the tool has assigned PINs to the correct users and that the PINs
conform to the length and character-set restrictions you specified. If the output isn't
what you want, run the command again with appropriate arguments. Repeat the
process until the output file shows the results you want.

Step F. Run the Command Again with the Write Option

When you are sure about the results, run the command again (with exactly the
same arguments) with the
hashed PINs in the directory. For information on how PINs are stored in the
directory, see section "How PINs Are Stored in the Directory" of the PIN Generator
tool documentation.
Use the output file for delivering PINs to users after you complete setting up the
required authentication method; see "Step 9. Deliver PINs to End Users" on
page 544.
Step 3. Enable the AttributePresentConstraints
Policy
This step is required for PIN-based enrollment with PIN removal only in certain
deployment scenarios. Here's some information that will help you decide whether
you need to enable this policy.
In the password and PIN-based enrollment method, users enroll for a certificate
using their directory user ID, password and PIN. After a PIN has been used to
successfully authenticate a user, the Certificate Manager calls the
PinRemovalListener
authentication directory when the Certificate Manager issues the requested
certificate.
Note that listeners in Certificate Management System are objects which register
themselves as interested in knowing about certain events—for example, change in
the state of a request—and carry out a specific task. For more information on
listeners, check the samples directory:
<server_root>/cms_sdk/cms_jdk/samples/listeners
Once the PIN is removed from the authentication directory, it prevents the user
from enrolling for another certificate.
526
Netscape Certificate Management System Installation and Setup Guide • October 2001
option and the
write
module. This module removes the PIN from the
option. The tool stores the
output

Advertisement

Table of Contents
loading

Table of Contents