Deleting a Login Method

The NMAS ConsoleOne snap-ins will not allow you to delete a login method if that method is part of any login sequence. The default installation of a login method creates a login sequence containing only that method. As a result, most methods exist in at least one sequence.

To delete a login method, you must complete the following two procedures:


Remove the Login Method from Any Login Sequence

  1. Using ConsoleOne, click on the Security container > right-click the Login Policy > select Properties.

  2. Click General.

  3. For each sequence in the Defined Login Sequences drop-down list, do the following:

    1. Select the sequence.

    2. Verify that the login method you will be deleting is not listed in the Selected Login Methods or Selected Post-Login Methods lists.

    3. If the login method is listed as one of the selected methods, you can remove it from the list by highlighting it and clicking on the left arrow.

When the login method has been removed from all login sequences, you can then delete it.


Delete the Login Method

  1. Using ConsoleOne, click on the Security container and select either the Authorized Login Methods container or the Authorized Post Login Methods container, depending on the type of method you are deleting.

  2. Select the login method you would like to delete.

  3. Press Delete and click Yes.


User Identification Plug-ins

In this release of NMAS, the pcProx method and Universal SmartCard method both provide user identification plug-ins. The user identification plug-in is a DLL that is loaded by the NMAS client login dialog. It can obtain the user's name, context, tree name, server name, and NMAS sequence from an authentication device.

The Universal SmartCard identification plug-in gets the user name from the subject name in the certificate stored on the smart card. If a smart card is inserted while the login dialog is displayed, the ID plug-in will do an LDAP search for a user with an "allowable subject name" that matches the name on the certificate. If a user is found, his username and context are automatically entered on the login dialog.

The pcProx identification plug-in reads a 32-bit number from the pcProx card. It will then do an LDAP search for a user who has that number assigned as his pcProx login ID. The login ID is set from the "Login IDs > pcProx" tab in ConsoleOne.

Once a user ID has been obtained from the ID plug-in, the username and context fields will be populated with the user's DN. The tree, server, and sequence fields will be updated with information provided by the administrator when he installed the LCM for the method that is registered as the ID plug-in. The client will then click the OK button automatically to start the authentication phase.

To configure either the pcProx or Universal SmartCard method as the ID plug-in, you must click the "Use device to obtain username for login" check box during the LCM install for the method. When you click this check box, you will be presented with two additional screens.

The first screen will ask you to supply a tree name, server name, and NMAS login sequence that will be used when a user name is obtained from the device. These fields are optional. If they are not provided, then the ID plug-in will not update the corresponding fields on the login dialog.

The second screen will ask you for a list of up to three LDAP servers. These are the servers that will be used when the ID plug-in does its LDAP search for the user. Because the LDAP protocol is being used, you must enter either an IP address or DNS name for the server.
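
The following added example (not NMAS code) models the identification flow described above: it builds the LDAP search filter from the device value and fills in the login dialog from the result. The attribute names, the dotted context format, and the refusal to auto-fill when the search returns zero or several users are assumptions made for illustration.

```python
import re

# Hypothetical attribute names; the page does not name the real schema attributes.
PCPROX_ATTR = "examplePcProxLoginId"
SUBJECT_ATTR = "exampleAllowableSubjectName"

_ESC = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}

def ldap_filter(attr, value):
    """Equality filter with RFC 4515 escaping of the device-supplied value."""
    return "(%s=%s)" % (attr, "".join(_ESC.get(c, c) for c in str(value)))

def pcprox_filter(card_id):
    """The pcProx card yields a 32-bit number; reject anything outside that range."""
    if not isinstance(card_id, int) or not 0 <= card_id <= 0xFFFFFFFF:
        raise ValueError("pcProx ID must be an unsigned 32-bit number")
    return ldap_filter(PCPROX_ATTR, card_id)

def split_dn(dn):
    """Split an LDAP DN into (username, dotted context), splitting on unescaped commas."""
    rdns = [r.split("=", 1)[1] for r in re.split(r"(?<!\\),", dn)]
    return rdns[0], ".".join(rdns[1:])

def populate_dialog(dialog, matched_dns, lcm_settings):
    """Fill the login dialog from a search result; return True if OK is auto-clicked."""
    if len(matched_dns) != 1:        # assumption: no match or ambiguous match, no auto-fill
        return False
    dialog["username"], dialog["context"] = split_dn(matched_dns[0])
    for field in ("tree", "server", "sequence"):
        if lcm_settings.get(field):  # optional at LCM install; blank leaves the field alone
            dialog[field] = lcm_settings[field]
    return True

if __name__ == "__main__":
    # Constructed sample data, not taken from a real tree.
    dialog = {"username": "", "context": "", "tree": "OLDTREE", "server": "", "sequence": "NDS"}
    print(pcprox_filter(305419896))
    print(ldap_filter(SUBJECT_ATTR, "CN=J. Smith (Sales),O=Acme*"))
    print(populate_dialog(dialog, ["cn=jsmith,ou=sales,o=acme"], {"sequence": "pcProx"}), dialog)
```

Running the same uniqueness rule over an export of the directory shows whether any card number or subject name is assigned to more than one user.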