Novell Doc: Novell Enhanced Smart Card Method Installation Guide

5.4 Configuring Users

User objects must be configured with the proper certificate information for login. Using iManager, select Smart Card Login > User Settings.

The information required depends on the type of certificate matching used.

5.4.1 Subject Name Matching

The subject name from the login certificate is configured for the user object. This is done by selecting Add and entering the subject name. The subject name can be entered directly, read from a smart card in an attached card reader, or read from a certificate file. DER and PEM certificate files are supported.

Figure 5-6 Add Subject Name Page

Figure 5-7 is an example of a User object properly configured for subject name matching:

Figure 5-7 Subject Name Matching Page

5.4.2 Certificate Matching

The specific login certificate is configured for the User object. This is done by selecting Add and entering the certificate. The certificate can be read from a smart card in an attached card reader, or read from a certificate file. DER and PEM certificate files are supported.

Figure 5-8 Add a Certificate Page

Below is an example of a User object properly configured for certificate matching:

Figure 5-9 Certificate Matching Page

5.4.3 Temporary Certificates

A temporary classification can be assigned to certificates or subject names. This is done by selecting the temporary check box when adding the certificate information. This can be useful in situations where a temporary smart card is assigned to an individual. A typical case might be when an individual misplaces or forgets his or her regular smart card. In this situation, a temporary smart card could be issued to the individual and configured for a short period of time.

A temporary certificate is valid until the the specified expiration date. When configured, the user is only able to log in using the temporary certificate. If the user attempts a login using his normal certificate, the login fails. After the temporary certificate expiration date passes, the user can log in again using his regular certificate. Expired temporary certificate information is automatically deleted from the User object.

Figure 5-10 shows a User object configured with a temporary certificate subject name. The regular information still exists for the user, but the temporary configuration will override it until the expiration date:

Figure 5-10 Temporary Certificate Subject Name Page