Netscape MANAGEMENT SYSTEM 6.0 Installation And Setup Manual page 798

Setting up CEP Enrollment Manually
There's an added advantage in determining unique attributes for it allows you to
enforce a rule on the attributes that must be present in the CEP enrollment request.
For example, if you would like to enforce that a particular router be assigned to an
IP address and host name, you could set the
auths.instance.flatfile.keyAttributes=UNSTRUCTUREDNAME,UNSTRUCTURED
ADDRESS,SERIALNUMBER
Once an entry has been found in the authentication-token file, the server tests the
authentication tokens specified in the
the file. Only if they all match, the server grants the request. For the purposes of
this discussion, let us assume that you define a single authentication token named
for the challenge password. In this case, you would set the
pwd
parameter as follows:
auths.instance.flatfile.authAttributes=pwd
In summary, to implement the automated CEP enrollment process, you need to do
the following:
Decide on authentication credentials for users.
1.
Prepare a list of your CEP enrollees and assign a password to each enrollee.
Prepare the authentication-token file with the credentials.
2.
Create a text file with CEP-enrollee information. The format of the
authentication-token file must be as follows:
<attribute>: <value>
<attribute>: <value>
...
<attribute>: <value>
<attribute>: <value>
Each enrolling user is represented by a sequence of attribute-value pairs,
terminated by a blank line or end-of-file (EOF). The attributes can be any part
of the subject name from the request, for example
or the challenge password (
DN: <DN_for_user1>
UNSTRUCTUREDNAME: router32.example.com
UNSTRUCTUREDADDRESS: 101.22.33.124
SERIALNUMBER: 239333
pwd: ff93Kd
DN: <DN_for_user1>
798 Netscape Certificate Management System Installation and Setup Guide • March 2002
keyAttributes
authAttributes
). An example is shown below:
pwd
parameter as follows:
parameter against those in
authAttributes
, CN,
SERIALNUMBER OU
, ,
UID