7.2 Installing SecureLogin for Smart Cards

This section contains information on installing SecureLogin for smart cards

7.2.1 Client Setup

During the installation of SecureLogin, you can select the Use smart card or cryptographic token option to enable a SecureLogin user to utilize a smart card to store SSO data or to encrypt directory data using a PKI token.

SecureLogin uses existing Novell smart card settings when they are detected (highly recommended) unless the you choose otherwise.

You can optionally select an alternative cryptographic service provider (Microsoft Crypto API) from a drop-down list for your preferred smart card or cryptographic token middleware and then select appropriate Smart card (PKCS#11) library file.

IMPORTANT:Manually configuring the third-party smart card PKCS #11 link library assumes a high level of understanding of the cryptographic service provider’s product. You are encouraged to use the ActivClient smart card support.

For specific information about installing SecureLogin for use with smart cards, refer to the appropriate SecureLogin directory installation in the Novell SecureLogin 6.0 SP1 Installation Guide.

7.2.2 Server Side Administration Preferences

SecureLogin is a highly configurable and flexible product. Many options and options are available to the system administrator to implement and enforce corporate directory policy across an enterprise.

Corporate policies can include, but are not limited to, enabling strong application security, how SSO data is encrypted and stored, how password and passphrase policies are implemented and enforced, and how management procedures are set for lost smart card.

If your company enforces strong security requirements, you should be fully aware of the implications of linking the use of SSO to a smart card and disabling the passphrase functionality.

Minimum Requirements

For general information about the minimum requirements for using smart cards with SecureLogin, refer the Novell SecureLogin 6.0 SP1 Installation Guide.

Supported Configurations

  • ActivClient version 5.4 PKI only plus Hot Fix FIX0609014.
  • ActivClient smart card middleware only is supported for use with SecureLogin.
  • Alternative smart card middleware can also be used. However, it is been extensively tested with ActivClient middleware. Also, it must be installed prior to setting smart card options in SecureLogin.

NOTE:

  • When deployed with ActivClient, SecureLogin automatically configures the cryptographic service provider and PKCS#11 dynamic link library file during installation.
  • If the appropriate version of PKCS#11 library file is not present during installation, SecureLogin installs without smart card support.
  • If ActivClient is installed after SecureLogin is installed, the registry key settings need to be changed manually to activate smart card support, uninstall or re-install SecureLogin.

Cryptographic Service Provider Middleware

ActivClient smart card middleware and settings are automatically detected and selected for use during the installation of SecureLogin.

The appropriate cryptographic service provider middleware can be manually selected if the enterprise implementation of SecureLogin does not use ActivClient smart cards or, if you want to change the smart card provider or cryptographic token.

For detailed information and instructions about installing SecureLogin for smart cards, see Novell SecureLogin 6.0 SP1 Installation Guide in the Novell SecureLogin 6.0 SP1 Installation Guide.