Authentication Of Agents - Netscape MANAGEMENT SYSTEM 6.01 Installation And Setup Manual


Introduction to Authentication

Authentication of Agents

When an agent makes a request to Certificate Management System (from the
appropriate Agent Services interface), the server needs to authenticate the agent
before processing the request. To facilitate this, Certificate Management System
supports a certificate-based authentication method.
Certificate Management System identifies and authenticates a user with agent
privileges by checking the user's SSL client certificate in its internal database. The
certificates it checks are the ones you imported and stored in the internal database
while creating or modifying the user entry. You create agent users for a CMS
instance by adding their client certificates into the internal database and
associating them with the corresponding users' identification information; for
details, see "Setting Up Agents" on page 391.
When an agent makes a request to perform a privileged operation, the server
requests SSL client authentication from the client that the agent has used to connect
to the server. The server then maps the certificate that passed SSL client
authentication to internal user entries for further checks. The server checks the
certificate's subject name and issuer name against the list of privileged-user
certificates stored in its internal database. If the certificate belongs to a privileged
user who is authorized (based on group membership) to perform agent operations,
the server allows the user to perform the requested operation. Otherwise, the
server rejects the request and logs an appropriate message; for details, see
"Managing CMS Logs."
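The mapping and group check described above, sketched as an added example; it is not code from Certificate Management System or from this manual. The in-memory tables, DN values, group name and function names are constructed for illustration, and the case-insensitive DN comparison is an assumption.

```python
import logging
import re

log = logging.getLogger("agent_auth")

# Constructed sample data standing in for the internal database:
# (issuer DN, subject DN) of each imported client certificate -> user ID.
AGENT_CERTS = {
    ("cn=example ca,o=example corp", "cn=alice agent,o=example corp"): "alice",
    ("cn=example ca,o=example corp", "cn=bob user,o=example corp"): "bob",
}
# Hypothetical group name; membership grants agent privileges.
GROUPS = {"Registration Manager Agents": {"alice"}}


def normalize_dn(dn):
    """Trim whitespace around RDN separators and lowercase (assumed matching rule)."""
    parts = [p.strip() for p in re.split(r"(?<!\\),", dn)]
    return ",".join(re.sub(r"\s*=\s*", "=", p, count=1).lower() for p in parts)


def _reject(reason, subject_dn):
    # %r escapes control characters so a crafted DN cannot forge log lines.
    log.warning("agent request rejected: %s (subject=%r)", reason, subject_dn)
    return False, reason


def authorize_agent(tls_verified, issuer_dn, subject_dn, required_group):
    """Return (allowed, reason) for a privileged agent request."""
    # Step 1: the certificate must already have passed SSL client authentication.
    if not tls_verified:
        return _reject("SSL client authentication failed", subject_dn)
    # Step 2: map issuer + subject name to a stored user entry.
    uid = AGENT_CERTS.get((normalize_dn(issuer_dn), normalize_dn(subject_dn)))
    if uid is None:
        return _reject("certificate not mapped to a user entry", subject_dn)
    # Step 3: authorization is by group membership, not by mapping alone.
    if uid not in GROUPS.get(required_group, set()):
        return _reject(f"user {uid} not in group {required_group}", subject_dn)
    return True, f"user {uid} authorized"
```

A certificate that maps to a user entry is still rejected unless that user is in the required group, and a matching subject name under a different issuer does not map at all.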
Figure 15-2 shows how a Registration Manager authenticates and authorizes a
Registration Manager agent.
NOTE Authentication for agents is hardcoded; it is not configurable.
Netscape Certificate Management System Installation and Setup Guide • May 2002
