McAfee M3050 Installation Guide - Page 42
Enabling CAC authentication, Logging onto the Manager using CAC authentication
View all McAfee M3050 manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 42 highlights
McAfee® Network Security Platform 6.0 Starting the Manager/Central Manager b Install the ActivIdentify and ActivClient CAC software on the Manager client. These software are provided to you along with the card reader device and help validate the digital certificate and user information stored in the card. Note: McAfee currently supports integration with smart card reader model SCR3310 from TxSystems. 2 Insert a card into the card reader. 3 Open the CAC Client software > Smart Card Info > User Name. The user name is a combination of alphanumeric characters and a few special characters like "." or spaces. For example, "BROWN.JOHN.MR .0123456789" 4 Log onto the Manager and create a user with the exact same name that is, "BROWN.JOHN.MR .0123456789". 5 Close the current browser session of the Manager. Enabling CAC authentication The CAC authentication feature is disabled by default. It is mandatory to setup the CAC user accounts, before enabling it. To enable CAC, do the following: Note: CAC Authentication can be enabled only through the MySQL command line. 1 Log onto the MySQL command line and enter: update iv_emsproperties set value='TRUE' where name='iv.access.control.authentication.requireClientCertificate BasedAuthentication' 2 Perform the following tasks: a. Change the corresponding Apache files to enable Client-Authentication: Apache/conf/iv_ssl.conf - b. Uncomment the following lines: #RewriteRule ^(.*)$ - [E=RedirectPort=444] #Listen 0.0.0.0:444 c. Set SSLCACertificateFile attribute to point to the file containing the trusted CA Certificates. d. In Apache/conf/iv_ssl_mapping.conf , uncomment the following line: #RewriteRule ^(.*)$ - [E=RedirectPort=444] 3 Close all client connections. 4 Stop the McAfee Network Security Manager service. 5 Stop the McAfee Network Security Manager User Interface service. 6 Restart both the McAfee Network Security Manager service and the McAfee Network Security Manager User Interface service. For details on how to close client connections, stop/ restart the Manager services etc., see Manager Installation Guide. Logging onto the Manager using CAC authentication 1 Insert a card into the card reader. 2 Start a fresh browser session for the Manager. 34