Automated Enrollment - Netscape MANAGEMENT SYSTEM 6.1 - ADMINISTRATOR Administrator's Manual

Automated Enrollment

• Customize the HTML enrollment forms for your deployment. For policy-based
enrollment, you edit the forms directly. For certificate profile-based
enrollment, you configure inputs that are used to dynamically create the
HTML enrollment form.
Automated Enrollment
Automated enrollment is the method in which an end-entity enrollment request is
processed upon the successful authentication of the end entity as defined by an
instance of an authentication plug-in module; no agent intervention or approval is
necessary. The following authentication plug-in modules are provided:
• Directory Based Enrollment. End entities are authenticated against an LDAP
directory using their user ID and password, or their DN and password. See
"Setting Up Directory Based Enrollment," on page 389.
• NIS Based Enrollment. End entities are authenticated against an NIS server.
See "Setting Up NIS Based Enrollment," on page 391.
• Pin Based Enrollment. End entities are authenticated against an LDAP
directory using their user ID, password, and a pin you set up in their directory
entry and then given to the end entity. See "Setting Up Pin Based Enrollment,"
on page 395.
• Portal Enrollment. End users are registered into an LDAP directory and issued
a certificate. If the user already has an entry in the directory, they are
authenticated against the directory and then issued a certificate. See "Setting
Up Portal Enrollment," on page 400.
• CMCAuth. This plug-in allows you to create your own clients and then send
agent signed requests and have those requests processed. See "Setting Up
CMC Enrollment," on page 404.
• AgentCertAuth. This plug-in allows you to set up automated authentication of
agents who can get server certificates through an automated process once they
successfully authenticate. The agent is authenticated by presenting their agent
certificate. If the certificate they present is the agent certificate that is stored in
the database for this user ID, the request for the server certificate is
automatically processed. This plug-in is enabled by default and has no
parameters. This plug-in can only be used in the certificate profile framework.
You can associate this automated authentication method with the certificate
profile for enrolling for server certificates. You cannot use this plug-in outside
the certificate profile framework.
388 Netscape Certificate Management System Administrator's Guide • February 2003