Security Administrator's Guide; Trusted Root Containers; Certificate Validation/Revocation Checking; Smart Card Enrollment Edirectory Attributes - Novell ENHANCED SMART CARD METHOD 3.0.1 - INSTALLATION 17-07-2007 Installation Manual

7 Security Administrator's Guide

As with any system, good security requires proper configuration. This section lists
recommendations to ensure that the method functions properly.

7.1 Trusted Root Containers

These containers must include only certificates from trusted Certificate Authorities. Administration
of the certificates in these containers should be restricted.

7.2 Certificate Validation/Revocation Checking

Certificate validation should be enabled and revocation checking properly configured. If a CRL
Grace Period is used, the grace period should be limited to a few days. Do not use the CRL Grace
Period as a mechanism to work around a dysfunctional CRL infrastructure.

7.3 Smart Card Enrollment eDirectory Attributes

Administration of the user attributes used for smart card authentication should be restricted to
administrators who are enrolling smart cards for users.

When matching by subject names, the attributes are:

    sasAllowableSubjectNames
    nclTmpCertSubject
    nclTmpCertExpiration

When matching by certificates, the attributes are:

    userCertificate
    nclTmpCert
    nclTmpCertExpTime

7.4 Certificate Matching

The certificate matching settings should be set to Subject Name matching or Certificate matching.
Certificate matching is more restrictive because it checks the login certificate against the list of
certificates configured for the user. The No Matching option should be used only in specific guest
account scenarios as described in Section 5.4.2, "Certificate Matching," on page 34.

7.5 Restricting Authentication Methods

Users can be restricted to using the smart card authentication method only. This is accomplished by
restricting the user to a specified NMAS™ authentication sequence. The NMAS Administration Guide
(http://www.novell.com/documentation/nmas311/index.html) describes how to do this.
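
The difference between the matching modes in Section 7.4, applied to the attributes listed in Section 7.3, is shown below as an added example that is not Novell's code. The LoginCert and UserEntry types, the simplified DN comparison and all sample values are constructed, and the treatment of the nclTmp* attributes as temporary entries that stop matching at their expiration attribute is an assumption. Chain validation and revocation checking (Section 7.2) are taken as already done.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone
from typing import Optional

@dataclass
class LoginCert:  # hypothetical stand-in for an already validated login certificate
    subject: str
    der: bytes

@dataclass
class UserEntry:  # field names are the Section 7.3 attributes; values are constructed
    sasAllowableSubjectNames: list = field(default_factory=list)
    userCertificate: list = field(default_factory=list)
    nclTmpCertSubject: Optional[str] = None
    nclTmpCertExpiration: Optional[datetime] = None
    nclTmpCert: Optional[bytes] = None
    nclTmpCertExpTime: Optional[datetime] = None

def norm(dn: str) -> str:  # simplified DN comparison (assumption): ignore case and spacing
    return ",".join(part.strip().lower() for part in dn.split(","))

def live(expiry: Optional[datetime], now: datetime) -> bool:  # assumption: temp entries expire
    return expiry is not None and now < expiry

def matches(mode: str, cert: LoginCert, user: UserEntry, now: datetime) -> bool:
    if mode == "none":         # No Matching: the user's attributes are never consulted
        return True
    if mode == "subject":      # Subject Name matching
        names = [norm(n) for n in user.sasAllowableSubjectNames]
        if user.nclTmpCertSubject and live(user.nclTmpCertExpiration, now):
            names.append(norm(user.nclTmpCertSubject))
        return norm(cert.subject) in names
    if mode == "certificate":  # Certificate matching: byte-for-byte against enrolled certs
        certs = list(user.userCertificate)
        if user.nclTmpCert and live(user.nclTmpCertExpTime, now):
            certs.append(user.nclTmpCert)
        return cert.der in certs
    raise ValueError(f"unknown matching mode: {mode}")

# Constructed sample data (not from the manual).
NOW = datetime(2007, 7, 17, tzinfo=timezone.utc)
alice = UserEntry(sasAllowableSubjectNames=["CN=alice,O=example"], userCertificate=[b"DER-enrolled"],
                  nclTmpCert=b"DER-temporary", nclTmpCertExpTime=NOW + timedelta(days=2))
enrolled = LoginCert("cn=alice, o=example", b"DER-enrolled")
reissued = LoginCert("CN=alice,O=example", b"DER-reissued")  # same subject, different cert
temporary = LoginCert("CN=alice,O=example", b"DER-temporary")
stranger = LoginCert("CN=guest,O=other", b"DER-stranger")
for c in (enrolled, reissued, temporary, stranger):  # print the decision for each mode
    print(c.der, {m: matches(m, c, alice, NOW) for m in ("subject", "certificate", "none")})
```

The re-issued certificate passes Subject Name matching but fails Certificate matching, and No Matching accepts a certificate unrelated to the user's attributes.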