Article

(View Disclaimer)

Introduction

This article explains the list of available registry settings to enable different SecureLogin Smart Card features.

The below mentioned registry settings can be used to customize or modify the behavior of SecureLogin when installed with Smart Card option.

As you read these settings, note that the "Registry Key Path" indicates the registry path, "STRING or DWORD" indicates the type of the associated registry name and "Value" indicates the value data of that particular registry name.

Environment

The procedures explained in the document apply to:

• Novell SecureLogin 7.0 Sp2 Hot Fix 3 or later.
• Windows XP SP3 or later.
• Windows 7 Sp1 or later
• Windows VISTA SP2 or later

SecureLogin Smart Card support Registry Settings

1. Configure or Modify SecureLogin Smart Card Cryptographic Service Provider (CSP) and PKCS11 library path

After installing SecureLogin with Smart card option if the Smart card CSP or PKCS11 library path needs to be changed, update the below registry settings.

Registry Key Path: HKEY_LOCAL_MACHINE\Software\Protocom\SecureLogin\Security

ActivClient CSP:
STRING: NonRepudiationKeyCSP
Value: ActivClient Cryptographic Service Provider
STRING: StorageDeviceInterfaceLibraryPKCS11
Value: C:\Program Files\ActivIdentity\ActivClient\acpkcs211.dll

Gemalto CSP:
STRING: NonRepudiationKeyCSP
Value: Gemplus GemSAFE Card CSP v1.0
STRING: StorageDeviceInterfaceLibraryPKCS11
Value: C:\Program Files\Gemalto\DotNet PKCS11\gtop11dotnet.dll or gtop11dotnet64.dll

AET SafeSign CSP:
STRING: NonRepudiationKeyCSP
Value: SafeSign Standard Cryptographic Service Provider
STRING: StorageDeviceInterfaceLibraryPKCS11
Value: C:\WINDOWS\system32\aetpksse.dll
Athena CSP:
STRING: NonRepudiationKeyCSP
Value: Athena ASECard Crypto CSP
STRING: StorageDeviceInterfaceLibraryPKCS11
Value: C:\Windows\System32\asepkcs.dll

2. Enable Pin Caching for Smart Card

To enable pin caching for smart card, update the below registry settings.

Registry Key Path: HKEY_LOCAL_MACHINE\Software\Protocom\SecureLogin
DWORD: EnableSmartCardPinCache
Value: 1

3. Enable SecureLogin Smart card support in Kiosk mode

In the earlier versions of SecureLogin, Active Directory authentication of the workstation was used to log in to SecureLogin. With SecureLogin 7.0 SP1 Hotfix 2 and later, you can enable users to log in to SecureLogin separately by using the smart card credentials. To configure this, update the below registry settings.

Registry Key Path: HKEY_LOCAL_MACHINE\Software\Protocom\SecureLogin
DWORD: NSLADAuth
Value: 1

4. Changing Smart Card user Login Password on Expiry

In eDirectory mode when the user logs in using NESCM (Novell Enhanced Smart Card Method) and the user password is expired, SecureLogin detects the expired password and changes automatically on behalf of the logged in user. To enable this, update the below registry settings.

Registry Key Path: HKEY_LOCAL_MACHINE\Software\Protocom\SecureLogin
DWORD: ChangePasswordOnExpiry
Value: 1

Disclaimer: As with everything else at Cool Solutions, this content is definitely not supported by Novell (so don't even think of calling Support if you try something and it blows up).

It was contributed by a community member and is published "as is." It seems to have worked for at least one person, and might work for you. But please be sure to test, test, test before you do anything drastic with it.