8.2 Installing SecureLogin for Smart Cards

This section contains information on installing SecureLogin for smart cards:

8.2.1 Client Setup

During the installation of SecureLogin, you can select the Use smart card or cryptographic token option to enable a SecureLogin user to utilize a smart card to store single sign-on data or to encrypt directory data by using a PKI token.

SecureLogin uses existing Novell smart card settings when they are detected (highly recommended) unless you choose otherwise.

You can optionally select an alternative cryptographic service provider (Microsoft Crypto API) from a drop-down list for your preferred smart card or cryptographic token middleware and then select an appropriate smart card (PKCS#11) library file.

IMPORTANT: Manually configuring the third-party smart card PKCS#11 link library assumes a high level of understanding of the cryptographic service provider’s product. You are encouraged to use the ActivClient smart card support.

8.2.2 Server Side Administration Preferences

SecureLogin is a highly configurable and flexible product. Many options are available to the system administrator to implement and enforce corporate directory policy across an enterprise.

Corporate policies can include, but are not limited to, enabling strong application security, how single sign-on data is encrypted and stored, how password and passphrase policies are implemented and enforced, and how management procedures are set for a lost smart card.

If your company enforces strong security requirements, you should be fully aware of the implications of linking the use of single sign-on to a smart card and disabling the passphrase functionality.

Minimum Requirements

For general information about the minimum requirements for using smart cards with SecureLogin, refer to the Novell SecureLogin 6.1 SP1 Installation Guide.

Supported Configurations

  • ActivClient 6.0 and 6.1

  • Gemalto 5.3

  • AET SafeSign 2.3.0

NOTE:

  • When deployed with ActivClient, SecureLogin automatically configures the cryptographic service provider and PKCS#11 dynamic link library file during installation.
  • If the appropriate version of the PKCS#11 library file is not present during installation, SecureLogin installs without smart card support.
  • If ActivClient is installed after SecureLogin is installed, you must either change the registry key settings manually to activate smart card support, or uninstall and re-install SecureLogin.
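
Because SecureLogin installs without smart card support when the PKCS#11 library is missing, it is worth checking the library before running the installer. The following PowerShell check is an added example, not Novell or middleware vendor code; the function name and the library path are placeholders, and refusing to load a file without a valid Authenticode signature is this example's own policy rather than a SecureLogin requirement.

```powershell
# Added example, not vendor code. The path at the bottom is a placeholder:
# the page does not name the middleware's PKCS#11 file or its location.
Add-Type -Namespace Win32 -Name Native -MemberDefinition @'
[DllImport("kernel32.dll", CharSet = CharSet.Unicode, SetLastError = true)]
public static extern IntPtr LoadLibrary(string lpFileName);
[DllImport("kernel32.dll", CharSet = CharSet.Ansi, SetLastError = true)]
public static extern IntPtr GetProcAddress(IntPtr hModule, string lpProcName);
[DllImport("kernel32.dll", SetLastError = true)]
public static extern bool FreeLibrary(IntPtr hModule);
'@

function Test-Pkcs11Library {
    param([Parameter(Mandatory)][string]$Path)

    $r = [ordered]@{ Path = $Path; Exists = $false; FileVersion = $null
                     Signature = $null; ExportsCGetFunctionList = $false }
    if (Test-Path -LiteralPath $Path -PathType Leaf) {
        $r.Exists      = $true
        $r.FileVersion = (Get-Item -LiteralPath $Path).VersionInfo.FileVersion
        $r.Signature   = (Get-AuthenticodeSignature -FilePath $Path).Status

        # Loading a DLL runs its DllMain, so only load a validly signed file.
        if ($r.Signature -eq 'Valid') {
            # Returns zero if the DLL's bitness differs from this process.
            $h = [Win32.Native]::LoadLibrary($Path)
            if ($h -ne [IntPtr]::Zero) {
                try {
                    # C_GetFunctionList is the entry point every PKCS#11 library exports.
                    $p = [Win32.Native]::GetProcAddress($h, 'C_GetFunctionList')
                    $r.ExportsCGetFunctionList = ($p -ne [IntPtr]::Zero)
                } finally {
                    [void][Win32.Native]::FreeLibrary($h)
                }
            }
        }
    }
    [pscustomobject]$r
}

Test-Pkcs11Library -Path 'C:\PLACEHOLDER\middleware-pkcs11.dll'
```

Compare the reported FileVersion with the middleware versions listed under Supported Configurations before installing SecureLogin.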

Cryptographic Service Provider Middleware

ActivClient*, Gemalto* (formerly Axalto), and AET’s SafeSign* smart card middleware and settings are automatically detected and selected for use during the installation of SecureLogin.

If the enterprise implementation of middleware does not use an ActivClient smart card, or you want to change the smart card or cryptographic token, then the appropriate cryptographic service provider middleware can be manually selected.

NOTE: Manually configuring a third-party smart card PKCS#11 link library assumes a high level of understanding of the cryptographic service provider’s product. We recommend that you use ActivClient smart card support with SecureLogin whenever possible.