-
Notifications
You must be signed in to change notification settings - Fork 139
Configuring CMC Shared Token Authentication
Endi S. Dewata edited this page Jul 19, 2022
·
15 revisions
This page describes the process to configure CMC shared token authentication.
It assumes that:
-
Issuance protection certificate has been created.
Update the schema to define the LDAP attribute for the shared token:
$ ldapmodify \
-H ldap://ds.example.com:3389 \
-x \
-D "cn=Directory Manager" \
-w Secret.123 \
-f /usr/share/pki/ca/auth/ds/schema.ldif
Create the subtree (e.g. ou=people,dc=example,dc=com) to store the user records:
$ ldapadd \
-H ldap://ds.example.com:3389 \
-x \
-D "cn=Directory Manager" \
-w Secret.123 \
-f /usr/share/pki/ca/auth/ds/create.ldif
Then add user records:
$ ldapadd \
-H ldap://ds.example.com:3389 \
-x \
-D "cn=Directory Manager" \
-w Secret.123 \
-f /usr/share/pki/ca/auth/ds/example.ldif
Configure CMC shared token authentication to use the above authentication database:
$ pki-server ca-config-set auths.instance.SharedToken.ldap.basedn ou=people,dc=example,dc=com $ pki-server ca-config-set auths.instance.SharedToken.ldap.ldapauth.authtype BasicAuth $ pki-server ca-config-set auths.instance.SharedToken.ldap.ldapauth.bindDN "cn=Directory Manager" $ pki-server ca-config-set auths.instance.SharedToken.ldap.ldapauth.bindPWPrompt "Rule SharedToken" $ pki-server ca-config-set auths.instance.SharedToken.ldap.ldapconn.host ds.example.com $ pki-server ca-config-set auths.instance.SharedToken.ldap.ldapconn.port 3389 $ pki-server ca-config-set auths.instance.SharedToken.ldap.ldapconn.secureConn false $ pki-server ca-config-set auths.instance.SharedToken.pluginName SharedToken $ pki-server ca-config-set auths.instance.SharedToken.shrTokAttr shrTok
$ sed -i \
-e "s/^\(enable\)=.*/\1=true/" \
/var/lib/pki/pki-tomcat/ca/profiles/ca/caFullCMCSharedTokenCert.cfg
$ pki-server ca-undeploy --wait $ pki-server ca-deploy --wait
|
Tip
|
To find a page in the Wiki, enter the keywords in search field, press Enter, then click Wikis. |