Novell Certificate Login (NCL) 2.0.1

December 16, 2005


Overview

Novell® Certificate Login (NCL) 2.0.1 provides secure, advanced authentication services to network resources using X.509 certificates. NCL 2.0.1 fully supports smart card hardware and middleware from Common Access Card (CAC) issued by the United States Department of Defense as well as other vendors. Features include the new Novell Enhanced Smart Card Method (NESCM), reduced sign-on to network services, disconnected mode support, and secure event auditing.

1.0 Documentation
2.0 Known Issues
2.1 Network Install Issues for NCL Workstation
2.2 Reboot Required After Workstation Install or Uninstall
2.3 Localized License Agreements
2.4 Nsure Audit Platform Agent - Slow Login
2.5 Identity Manager - Disable the Default Password Creation Policy
2.6 Password Generation Service - Install Requires Administrator Rights
2.7 Security Considerations
3.0 Products
4.0 Legal Notices


1.0 Documentation

Documentation for each component of this solution is included in the software build. There is a \documentation directory on the following CDs:

Both \documentation directories hold the exact same content. This is so you have a second access point to the documentation if you are using one of the CDs to do an installation.

The \documentation directory contains a folder for each of the NCL products. Inside these folders are PDF files of the corresponding product documentation. The NCL Installation Guide (nclinstall.pdf) and the NCL Readme (readme.html) exist at the root of the \documentation directory.

We recommend that you read the NCL Installation Guide and NCL Readme before installing the solution.

Documentation for each product can also be found at Novell's Documentation Web site.

For the latest NCL installation information and readme file, see the NCL Documentation Web site.


2.0 Known Issues


2.1 Network Install Issues for NCL Workstation

If you install from the network, the mapped drive must begin at the same directory structure that the CD has at its root level. For example, x:\ncl\ncl201\client\setup.exe will fail. It must be x:\setup.exe, mirroring the CD (d:\setup.exe).

Also, when doing a network install of the NCL workstation, the Zone Alarm firewall (and possibly other firewall software) causes the umbrella install to halt at the beginning. You must turn off the firewall software before running the NCL workstation install.


2.2 Reboot Required After Workstation Install or Uninstall

If the workstation does not reboot after you perform an upgrade using the NCL 2.0.1 Workstation Umbrella Installer or after an uninstall of the workstation, you should manually reboot the workstation.


2.3 Localized License Agreements

You can view localized versions of the NCL license agreement on CD 1 and CD 2 in the \licenseagreement directory.


2.4 Nsure Audit Platform Agent - Slow Login

During a disconnected login, the NCL client records a login audit event. If Nsure® Audit Server connectivity isn't available, the audit agent on the client machine can take up to 25 seconds to cache the audit record. This significantly increases workstation login and unlock times. The default client install does not install the audit agent, which means disconnected login events will not be audited. Install the Nsure Audit Platform Agent only if auditing of disconnected login events is desired and the 25-second delay is acceptable. This issue will be fixed in Nsure Audit in a future release.


2.5 Identity Manager - Disable the Default Password Creation Policy

Before starting the Active Directory driver for the first time, you must disable the default password creation policy to ensure that the User objects migrated to eDirectory do not have the default password set to the Active Directory user's surname. This is a documented step in Chapter 6 of the NCL Installation Guide.


2.6 Password Generation Service - Install Requires Administrator Rights

You need to be authenticated as an Active Directory Domain Administrator before running this install. When configuring the Password Generation Service, you must configure it to run as the same administrative user. If you change the Password Generation policy, ensure that you log in as the same administrative user.


2.7 Security Considerations

To maximize the security of NCL, make sure you do the following:

  • When sending data across untrusted networks, configure and use SSL or VPNs to encrypt data and protect its integrity.
  • Follow the recommended backup and maintenance procedures for your read/write partitions and root partition. See the Novell eDirectory 8.7.3 Administration Guide.
  • Ensure that your NCL servers are properly secured against physical attacks and shielded from network intrusions.


3.0 Products

The following products are included with Novell Certificate Login 2.0:


4.0 Legal Notices

Novell, Inc. makes no representations or warranties with respect to the contents or use of this documentation, and specifically disclaims any express or implied warranties of merchantability or fitness for any particular purpose. Further, Novell, Inc. reserves the right to revise this publication and to make changes to its content, at any time, without obligation to notify any person or entity of such revisions or changes.

Further, Novell, Inc. makes no representations or warranties with respect to any software, and specifically disclaims any express or implied warranties of merchantability or fitness for any particular purpose. Further, Novell, Inc. reserves the right to make changes to any and all parts of Novell software, at any time, without any obligation to notify any person or entity of such changes.

You may not use, export, or re-export this product in violation of any applicable laws or regulations including, without limitation, U.S. export regulations or the laws of the country in which you reside.

Copyright © 2005 Novell, Inc. All rights reserved. No part of this publication may be reproduced, photocopied, stored on a retrieval system, or transmitted without the express written consent of the publisher.

Novell, Inc. has intellectual property rights relating to technology embodied in the product that is described in this document. In particular, and without limitation, these intellectual property rights may include one or more of the U.S. patents listed at http://www.novell.com/company/legal/patents/ and one or more additional patents or pending patent applications in the U.S. and in other countries.

eDirectory is a trademark of Novell, Inc. in the United States and other countries.

NMAS is a trademark of Novell, Inc. in the United States and other countries.

Novell is a registered trademark of Novell, Inc. in the United States and other countries.

Novell Client is a trademark of Novell, Inc. in the United States and other countries.

Novell SecretStore is a registered trademark of Novell, Inc. in the United States and other countries.

Nsure is a registered trademark of Novell, Inc. in the United States and other countries.

SUSE is a registered trademark of SUSE LINUX AG, a Novell business.

All third-party trademarks (*) are the property of their respective owners.