User Identification Plug-Ins

The pcProx method and Universal SmartCard method both provide user identification plug-ins. The user identification plug-in is a DLL that is loaded by the NMAS client login dialog box. It can obtain the user's name, context, tree name, server name, and NMAS sequence from an authentication device.

The Universal SmartCard identification plug-in gets the user name from the subject name in the certificate stored on the smart card. If a smart card is inserted while the login dialog box is displayed, the ID plug-in performs an LDAP search for a user with an "allowable subject name" that matches the name on the certificate. If a user is found, that user's username and context are automatically entered in the login dialog box.

The pcProx identification plug-in reads a 32-bit number from the pcProx card. It then performs an LDAP search for a user who has that number assigned as his or her pcProx login ID. The login ID is set from the Login IDs > pcProx tab in ConsoleOne.
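
The lookup that both ID plug-ins perform can be modeled as below. This is an added example, not the NMAS plug-in's own code: the attribute names, the decimal encoding of the card number, and the in-memory directory are assumptions constructed for illustration. It shows the certificate subject being escaped per RFC 4515 before it enters a search filter, and the lookup returning nothing when the card value does not map to exactly one user.

```python
# Added example modeling the ID plug-in lookup; not the NMAS plug-in's code.
PROX_ATTR = "exampleProxLoginId"        # hypothetical attribute name
SUBJECT_ATTR = "exampleAllowedSubject"  # hypothetical attribute name

# Constructed sample directory: DN -> attribute values.
DIRECTORY = {
    "cn=alice,ou=staff,o=example": {
        PROX_ATTR: ["305419896"],
        SUBJECT_ATTR: ["CN=Alice Example,O=Example"]},
    "cn=bob,ou=staff,o=example": {
        PROX_ATTR: ["2596069104"],
        SUBJECT_ATTR: ["CN=Bob (Ops),O=Example"]},
    "cn=bob2,ou=lab,o=example": {       # duplicate card number on purpose
        PROX_ATTR: ["2596069104"]},
}

def escape_filter_value(value):
    """RFC 4515 escaping: device-supplied text must not alter the filter."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)

def prox_filter(card_id):
    """Filter for a pcProx card; the ID must fit in 32 bits."""
    if not isinstance(card_id, int) or not 0 <= card_id <= 0xFFFFFFFF:
        raise ValueError("pcProx ID must be a 32-bit unsigned integer")
    return "(%s=%d)" % (PROX_ATTR, card_id)  # decimal encoding is assumed

def subject_filter(subject):
    """Filter for a certificate subject name read from a smart card."""
    return "(%s=%s)" % (SUBJECT_ATTR, escape_filter_value(subject))

def resolve_user(attr, value, directory=DIRECTORY):
    """Return the DN only when exactly one entry matches, else None."""
    hits = [dn for dn, attrs in directory.items() if value in attrs.get(attr, [])]
    return hits[0] if len(hits) == 1 else None

def identify_by_prox(card_id):
    prox_filter(card_id)  # range check before any lookup
    return resolve_user(PROX_ATTR, str(card_id))

def identify_by_subject(subject):
    return resolve_user(SUBJECT_ATTR, subject)

if __name__ == "__main__":
    print(subject_filter("CN=Bob (Ops),O=Example"))
    print(identify_by_prox(0x12345678))   # unique match
    print(identify_by_prox(0x9ABCDEF0))   # ambiguous, so nothing is pre-filled
```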

After a user ID has been obtained from the ID plug-in, the username and context fields are populated with the user's DN. The tree, server, and sequence fields are updated with information provided by the administrator when he or she installed the client module (LCM) for the method that is registered as the ID plug-in. The client then automatically clicks the OK button to start the authentication phase.

To configure either the pcProx or Universal SmartCard method as the ID plug-in, you must select the Use Device to Obtain Username for Login check box during the LCM install for the method. When you select this check box, you are presented with two additional dialog boxes.

The first dialog box asks you to supply a tree name, server name, and NMAS login sequence that are used when a user name is obtained from the device. These fields are optional. If they are not provided, then the ID plug-in does not update the corresponding fields in the login dialog box.

The second dialog box asks you for a list of up to three LDAP servers. These are the servers that are used when the ID plug-in does its LDAP search for the user. Because the LDAP protocol is being used, you must enter either an IP address or DNS name for the server.