Novell iChain 2.3 Now Available

Novell Cool Solutions: Feature

Posted: 6 May 2004
 

iChain 2.3 is now available! Here's a look at what's new in this release.
(from the readme file in the new iChain 2.3 online documentation)

New Features in iChain Version 2.3

NetWare 6.5 Interoperability
NetWare 6.5 provides a number of user-productivity applications, including Novell iFolder, Virtual Office, and NetStorage. Customers can now secure these applications and provide single sign-on using iChain 2.3.

Support for NetIdentity Authentication
iChain 2.3 supports the NetIdentity agent, providing both background authentication to iChain and single sign-on to NetIdentity-aware applications, such as NetStorage, Virtual Office, and iManager.

Background authentication to iChain is enabled from the LDAP Authentication Profile by selecting Allow Authentication through NetIdentity.

Support for Citrix ICA Clients
iChain 2.3 provides secure access to Citrix ICA clients, requiring a valid iChain authentication before allowing access to Citrix MetaFrame servers.

This service rewrites the instructions from Nfuse, forcing the client to connect to iChain rather than the MetaFrame server in the original instruction. This rewrite also inserts a token that identifies the current user session. If the user logs out of iChain, the token becomes invalid.

WebDAV Enhancements
iChain 2.3 supports WebDAV extensions that are needed by applications such as Microsoft Outlook Web Access.

Support for ANDing LDAP and RADIUS Profiles
iChain 2.3 supports the ANDing of LDAP and RADIUS profiles, which makes it possible to require a user to enter a valid LDAP password as well as a one-time password generated by a token device. This feature allows iChain to leverage the LDAP password for single sign-on to Web applications, while validating the user's identity using a more secure method of authentication.

Support for Token Challenge and Response
iChain 2.3 supports tokens that use a challenge and response process to validate the user's identity. This feature also supports the PIN reset mode of some token vendors.

Support for OCSP Certificate Validation
In addition to supporting Certificate Revocation Lists (CRL) to validate an X.509 certificate, iChain 2.3 now provides support for Online Certificate Status Protocol (OCSP) validation.

iChain 2.3 can either leverage OCSP information held within a certificate, or it can be configured to direct all certificate validations to a specified OCSP service.

Support for GZIP Compression
iChain 2.3 now provides support for GZIP-compressed data between the browser and proxy server. Previous versions of iChain only supported GZIP between the Web server and the proxy. The additional support improves the overall performance of content delivery when the Web application has GZIP enabled.

This feature relies on the Web server to send GZIP-compressed data.

LDAP Authentication Enhancements
iChain 2.3 provides a more flexible way of requesting credential sets from a user. A new field in the LDAP Authentication Profile allows the configuration of search strings.

For example, a search string of:

(&(objectclass=person)(|(cn=%username%)(ssn=%ssn%)(employeeID=%workID%)))

would prompt the user for his or her common name, social security number, and employee ID, any of which iChain would verify as a valid login ID.
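
As an added illustration (not Novell's code and not part of the iChain readme), the Python sketch below shows how a search string with %name% placeholders maps to prompt fields and to a concrete LDAP filter, escaping each answer per RFC 4515 so that typed characters such as * or ) stay literal. It assumes every term uses the %name% form; prompt_fields, build_filter and the sample values are hypothetical, and rejecting blank answers is this sketch's choice, since the page does not say how iChain treats them.

```python
import re

# Placeholder syntax assumed from the search string on this page: %name%
PLACEHOLDER = re.compile(r"%([A-Za-z][A-Za-z0-9]*)%")

# RFC 4515: characters that must be written as \XX inside a filter value
ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}

# Search string from the page, written on one line (constructed sample input)
TEMPLATE = "(&(objectclass=person)(|(cn=%username%)(ssn=%ssn%)(employeeID=%workID%)))"


def escape_filter_value(value):
    """Return value with LDAP filter metacharacters escaped."""
    return "".join(ESCAPES.get(ch, ch) for ch in value)


def prompt_fields(template):
    """Names the login form has to ask for, in order, without duplicates."""
    fields = []
    for name in PLACEHOLDER.findall(template):
        if name not in fields:
            fields.append(name)
    return fields


def build_filter(template, answers):
    """Substitute escaped answers into the template.

    Blank or missing answers are rejected so the result is always a
    well-formed filter (an assumption of this sketch, not iChain behaviour).
    """
    missing = [n for n in prompt_fields(template) if not answers.get(n)]
    if missing:
        raise ValueError("no value supplied for: " + ", ".join(missing))
    return PLACEHOLDER.sub(
        lambda m: escape_filter_value(answers[m.group(1)]), template
    )


if __name__ == "__main__":
    print(prompt_fields(TEMPLATE))
    # Constructed answers; the wildcard typed as a username stays literal
    sample = {"username": "*", "ssn": "000-00-0000", "workID": "E1001"}
    print(build_filter(TEMPLATE, sample))
```
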

Changeable Prompt for Command Line Interface
iChain 2.3 lets you change the prompt displayed on the command line interface, so you can recognize which machine you are connected to when using a switchbox. The prompt accepts a limited number of variables, such as time and version information. See the Novell iChain 2.3 Administration Guide (http://www.novell.com/documentation/lg/ichain23/index.html), or enter the command set prompt ? for more information.

Enhanced Configuration Export
iChain 2.3 enhances the export of the configuration into a single .nas file. It is now possible to export all of your certificates, trusted root files, rewriter.cfg, and all files in sys:\etc\custom to the .nas file. The sys:\etc\custom directory is meant for custom rewriter configuration. The behavior of the export command is controlled by the set export ? commands. See the Novell iChain 2.3 Administration Guide (http://www.novell.com/documentation/lg/ichain23/index.html) for details.

Telnet Is Disabled By Default
By default, iChain 2.3 disables Telnet access. At the command line interface, you can use the following command to enable Telnet: set listener telnet enable=yes
