This section contains information on installing SecureLogin for smart cards:
During the installation of SecureLogin, you can select theoption to enable a SecureLogin user to utilize a smart card to store single sign-on data or to encrypt directory data by using a PKI token.
SecureLogin uses existing Novell smart card settings when they are detected (highly recommended) unless the you choose otherwise.
You can optionally select an alternative cryptographic service provider (Microsoft Crypto API) from a drop-down list for your preferred smart card or cryptographic token middleware and then select an appropriate smart card (PKCS#11) library file.
IMPORTANT:Manually configuring the third-party smart card PKCS #11 link library assumes a high level of understanding of the cryptographic service provider’s product. You are encouraged to use the ActivClient smart card support.
SecureLogin is a highly configurable and flexible product. Many options are available to the system administrator to implement and enforce corporate directory policy across an enterprise.
Corporate policies can include, but are not limited to, enabling strong application security, how single sign-on data is encrypted and stored, how password and passphrase policies are implemented and enforced, and how management procedures are set for a lost smart card.
If your company enforces strong security requirements, you should be fully aware of the implications of linking the use of single sign-on to a smart card and disabling the passphrase functionality.
For general information about the minimum requirements for using smart cards with SecureLogin, refer to the Novell SecureLogin 6.1 SP1 Installation Guide.
ActivClient 6.0 and 6.1
AET Safe Sign 2.3.0
ActivClient*, Gemalto*(formerly Axalto), and AET’s SafeSign* smart card middleware and settings are automatically detected and selected for use during the installation of SecureLogin.
If the enterprise implementation of middleware does not use an ActivClient smart card, or you want to change the smart card or cryptographic token, then the appropriate cryptographic service provider middleware can be manually selected.
NOTE:Manually configuring a third-party smart card PKCS#11 link library assumes a high level of understanding of the cryptographic service provider’s product. We recommend that you use ActiveClient smart card support with SecureLogin when ever possible.