Article

pvdinesh's picture
article
Reads:

4421

Score:
1.5
1.5
4
 
Comments:

0

Registry Settings for SecureLogin Smart Card Support

Author Info

6 December 2011 - 12:24pm
Submitted by: pvdinesh

(View Disclaimer)

Introduction

This article explains the list of available registry settings to enable different SecureLogin Smart Card features.

The below mentioned registry settings can be used to customize or modify the behavior of SecureLogin when installed with Smart Card option.

As you read these settings, note that the "Registry Key Path" indicates the registry path, "STRING or DWORD" indicates the type of the associated registry name and "Value" indicates the value data of that particular registry name.

Environment

The procedures explained in the document apply to:

  • Novell SecureLogin 7.0 Sp2 Hot Fix 3 or later.
  • Windows XP SP3 or later.
  • Windows 7 Sp1 or later
  • Windows VISTA SP2 or later

SecureLogin Smart Card support Registry Settings

1. Configure or Modify SecureLogin Smart Card Cryptographic Service Provider (CSP) and PKCS11 library path

    After installing SecureLogin with Smart card option if the Smart card CSP or PKCS11 library path needs to be changed, update the below registry settings.

    Registry Key Path: HKEY_LOCAL_MACHINE\Software\Protocom\SecureLogin\Security

    ActivClient CSP:
    STRING: NonRepudiationKeyCSP
    Value: ActivClient Cryptographic Service Provider
    STRING: StorageDeviceInterfaceLibraryPKCS11
    Value: C:\Program Files\ActivIdentity\ActivClient\acpkcs211.dll

    Gemalto CSP:
    STRING: NonRepudiationKeyCSP
    Value: Gemplus GemSAFE Card CSP v1.0
    STRING: StorageDeviceInterfaceLibraryPKCS11
    Value: C:\Program Files\Gemalto\DotNet PKCS11\gtop11dotnet.dll or gtop11dotnet64.dll

    AET SafeSign CSP:
    STRING: NonRepudiationKeyCSP
    Value: SafeSign Standard Cryptographic Service Provider
    STRING: StorageDeviceInterfaceLibraryPKCS11
    Value: C:\WINDOWS\system32\aetpksse.dll
    Athena CSP:
    STRING: NonRepudiationKeyCSP
    Value: Athena ASECard Crypto CSP
    STRING: StorageDeviceInterfaceLibraryPKCS11
    Value: C:\Windows\System32\asepkcs.dll

2. Enable Pin Caching for Smart Card

To enable pin caching for smart card, update the below registry settings.

Registry Key Path: HKEY_LOCAL_MACHINE\Software\Protocom\SecureLogin
DWORD: EnableSmartCardPinCache
Value: 1

3. Enable SecureLogin Smart card support in Kiosk mode

In the earlier versions of SecureLogin, Active Directory authentication of the workstation was used to log in to SecureLogin. With SecureLogin 7.0 SP1 Hotfix 2 and later, you can enable users to log in to SecureLogin separately by using the smart card credentials. To configure this, update the below registry settings.

Registry Key Path: HKEY_LOCAL_MACHINE\Software\Protocom\SecureLogin
DWORD: NSLADAuth
Value: 1

4. Changing Smart Card user Login Password on Expiry

In eDirectory mode when the user logs in using NESCM (Novell Enhanced Smart Card Method) and the user password is expired, SecureLogin detects the expired password and changes automatically on behalf of the logged in user. To enable this, update the below registry settings.

Registry Key Path: HKEY_LOCAL_MACHINE\Software\Protocom\SecureLogin
DWORD: ChangePasswordOnExpiry
Value: 1

AttachmentSize
registry_settings_for_securelogin_smart_card_support.doc38.5 KB

Disclaimer: As with everything else at Cool Solutions, this content is definitely not supported by Novell (so don't even think of calling Support if you try something and it blows up).

It was contributed by a community member and is published "as is." It seems to have worked for at least one person, and might work for you. But please be sure to test, test, test before you do anything drastic with it.




User Comments

© 2013 Novell