Plug-In Modules; Authentication Plug-In Modules - Netscape MANAGEMENT SYSTEM 4.5 Installation And Setup Manual

System Overview
System administrators set up CMS subsystems through Netscape Console, and
agents manage end-entity requests and certificates through HTML pages. For more
information about facilities available to administrators and agents, see Chapter 13,
"Managing Privileged Users and Groups."

Plug-in Modules

Certificate Management System includes a plug-in architecture for code modules
that authenticate user identities and code modules that enforce policies.
Each type of request from an end user—for certificate enrollment, renewal,
revocation, or retrieval—is handled by a different servlet, a piece of Java code
designed for that kind of request. Each servlet processes the request using the
appropriate protocols (such as the HTML tag or PKCS #10) for each type of
KEYGEN
end entity. Additional servlets control interactions with administrators and agents.
The sections that follow provide an overview of the plug-in modules provided
with Certificate Management System. For detailed information about all the
plug-in modules, refer to CMS Plug-ins Guide. To locate this guide, see "Where to
Go for Related Information" on page 28.

Authentication Plug-in Modules

An authentication module is a set of rules (implemented as a Java class) for
authenticating an end user, server, or other entity that needs to interact with a CMS
manager. (Similar rules are used to authenticate agents and administrators, but
they are built into Certificate Management System instead of being implemented as
plug-in modules.) With a typical end-user enrollment, the user supplies the
information requested by the Registration Manager on an enrollment form, and
then the servlet uses an authentication module specified within the form to
validate the information and authenticate the user's identity. This simple input
value makes it possible to use custom authentication for any form without
changing the corresponding servlet code.
Both the Certificate Manager and Registration Manager support client SSL
certificate-based authentication (for both agents and end entities). Netscape
Console supports user ID- and password-based authentication for administrators.
Registration Managers and Certificate Managers can also be configured to use any
of the authentication modules provided for authenticating end-users during
certificate enrollments; see Table 1-2.
Chapter 1 Introduction to Certificate Management System 55