Novell® Certificate Login (NCL) 2.0 provides secure, advanced authentication services to network resources using X.509 certificates. NCL 2.0 fully supports smart card hardware and middleware from the Common Access Card (CAC) issued by the United States Department of Defense as well as from other vendors. Features include the new Novell Enhanced Smart Card Method (NESCM), reduced sign-on to network services, disconnected mode support, and secure event auditing.
Documentation for each component of this solution is included in the software build. There is a \documentation directory on the following CDs:
Both \documentation directories hold the exact same content. This is so you have a second access point to the documentation if you are using one of the CDs to do an installation.
The \documentation directory contains a folder for each of the NCL products. Inside these folders are PDF files of the corresponding product documentation. The NCL Installation Guide (nclinstall.pdf) and the NCL Readme (readme.html) exist at the root of the \documentation directory.
We recommend that you read the NCL Installation Guide and NCL Readme before installing the solution.
Documentation for each product can also be found at Novell's Documentation Web site.
For the latest NCL installation information and readme file, see the NCL Documentation Web site.
This release is an English-only release. This means that this solution has been tested only on Windows* 2000 Server SP4 or later, Windows 2003 Server SP1 or later, and Windows XP SP2 or later (English versions only).
You can view localized versions of the NCL license agreement on CD 1 and CD 2 in the \licenseagreement directory.
This release does not support enrolling a Gemplus card using the card reader. You can enroll the Gemplus card by either reading the certificate from a file or entering the subject name manually. See the NCL Installation Guide for more details.
During a disconnected login, the NCL client records a login audit event. If NSure® Audit Server connectivity isn't available, the audit agent on the client machine can take up to 25 seconds to cache the audit record. This significantly increases workstation login and unlock times. The default client install does not install the audit agent, which means disconnected login events will not be audited. Install the NSure Audit Platform Agent only if auditing of disconnected login events is desired and the 25-second delay is acceptable. This issue will be fixed in NSure Audit in a future release.
When a user mistypes the username and/or password, no Login Failed events are generated. The NESCM event for Local Logins is generated. This will be fixed in a future release of Nsure Audit.
Before starting the Active Directory driver for the first time, you must disable the default password creation policy to ensure that the User objects migrated to eDirectory do not have the default password set to the Active Directory user's surname. This is a documented step in Chapter 6 of the NCL Installation Guide.
You need to be authenticated as an Active Directory user with Administrator rights to the Active Directory domain before running this install. This is because the Password Generation Service and the Password Generation Policy need access to the Active Directory domain. This is a documented note in Chapter 3 of the NCL Installation Guide.
Updates to this solution will be released on a quarterly basis on CD only. Users should not download and deploy updates from Novell's Web site. This solution has been tested only with the products bundled on the CD (see 3.0 Products below).
To maximize the security of NCL, make sure you do the following:
The following products are included with Novell Certificate Login 2.0:
Novell, Inc. makes no representations or warranties with respect to the contents or use of this documentation, and specifically disclaims any express or implied warranties of merchantability or fitness for any particular purpose. Further, Novell, Inc. reserves the right to revise this publication and to make changes to its content, at any time, without obligation to notify any person or entity of such revisions or changes.
Further, Novell, Inc. makes no representations or warranties with respect to any software, and specifically disclaims any express or implied warranties of merchantability or fitness for any particular purpose. Further, Novell, Inc. reserves the right to make changes to any and all parts of Novell software, at any time, without any obligation to notify any person or entity of such changes.
You may not use, export, or re-export this product in violation of any applicable laws or regulations including, without limitation, U.S. export regulations or the laws of the country in which you reside.
Copyright © 2005 Novell, Inc. All rights reserved. No part of this publication may be reproduced, photocopied, stored on a retrieval system, or transmitted without the express written consent of the publisher.
Novell, Inc. has intellectual property rights relating to technology embodied in the product that is described in this document. In particular, and without limitation, these intellectual property rights may include one or more of the U.S. patents listed at http://www.novell.com/company/legal/patents/ and one or more additional patents or pending patent applications in the U.S. and in other countries.
eDirectory is a trademark of Novell, Inc. in the United States and other countries.
NMAS is a trademark of Novell, Inc. in the United States and other countries.
Novell is a registered trademark of Novell, Inc. in the United States and other countries.
Novell Client is a trademark of Novell, Inc. in the United States and other countries.
Novell SecretStore is a registered trademark of Novell, Inc. in the United States and other countries.
Nsure is a registered trademark of Novell, Inc. in the United States and other countries.
SUSE is a registered trademark of SUSE LINUX AG, a Novell business.
All third-party trademarks (*) are the property of their respective owners.