McAfee M3050 Installation Guide - Page 42

Enabling CAC authentication, Logging onto the Manager using CAC authentication


McAfee® Network Security Platform 6.0
Starting the Manager/Central Manager

b  Install the ActivIdentify and ActivClient CAC software on the Manager client. This software is provided to you along with the card reader device and helps validate the digital certificate and user information stored in the card.

Note: McAfee currently supports integration with smart card reader model SCR3310 from TxSystems.

2  Insert a card into the card reader.
3  Open the CAC Client software > Smart Card Info > User Name. The user name is a combination of alphanumeric characters and a few special characters like "." or spaces. For example, "BROWN.JOHN.MR .0123456789"
4  Log onto the Manager and create a user with the exact same name, that is, "BROWN.JOHN.MR .0123456789".
5  Close the current browser session of the Manager.

Enabling CAC authentication

The CAC authentication feature is disabled by default. You must set up the CAC user accounts before enabling it.

To enable CAC, do the following:

Note: CAC Authentication can be enabled only through the MySQL command line.

1  Log onto the MySQL command line and enter:

    update iv_emsproperties set value='TRUE' where name='iv.access.control.authentication.requireClientCertificateBasedAuthentication';

2  Perform the following tasks:
   a. Change the corresponding Apache files to enable Client-Authentication: Apache/conf/iv_ssl.conf
   b. Uncomment the following lines:

        #RewriteRule ^(.*)$ - [E=RedirectPort=444]
        #Listen 0.0.0.0:444

   c. Set the SSLCACertificateFile attribute to point to the file containing the trusted CA certificates.
   d. In Apache/conf/iv_ssl_mapping.conf, uncomment the following line:

        #RewriteRule ^(.*)$ - [E=RedirectPort=444]

3  Close all client connections.
4  Stop the McAfee Network Security Manager service.
5  Stop the McAfee Network Security Manager User Interface service.
6  Restart both the McAfee Network Security Manager service and the McAfee Network Security Manager User Interface service.

For details on how to close client connections, stop or restart the Manager services, and so on, see the Manager Installation Guide.
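Before restarting the services, the Apache edits from step 2 can be checked mechanically. The script below is an added example, not part of the McAfee guide or product: it reports which of the lines named in step 2 are still commented out or missing. The sample file contents and the CA bundle path are constructed placeholders.

```python
import re

REDIRECT = r"RewriteRule\s+\^\(\.\*\)\$\s+-\s+\[E=RedirectPort=444\]"

# Lines the guide says must be active (uncommented) in each file.
REQUIRED = {
    "iv_ssl.conf": [
        ("RewriteRule RedirectPort=444", REDIRECT),
        ("Listen 0.0.0.0:444", r"Listen\s+0\.0\.0\.0:444\s*$"),
        ("SSLCACertificateFile", r"SSLCACertificateFile\s+\S+"),
    ],
    "iv_ssl_mapping.conf": [
        ("RewriteRule RedirectPort=444", REDIRECT),
    ],
}

def audit(filename, text):
    """Return findings for one file; an empty list means every required line is active."""
    findings = []
    lines = [line.strip() for line in text.splitlines()]
    for label, pattern in REQUIRED[filename]:
        rx = re.compile(pattern, re.IGNORECASE)  # Apache directive names are case-insensitive
        if any(rx.match(line) for line in lines):
            continue  # directive is present and uncommented
        commented = any(
            line.startswith("#") and rx.match(line.lstrip("#").strip())
            for line in lines
        )
        state = "still commented out" if commented else "missing"
        findings.append(f"{filename}: {label} is {state}")
    return findings

# Constructed sample contents (not the shipped files); the CA path is a placeholder.
SAMPLE_SSL = """\
# constructed sample
#RewriteRule ^(.*)$ - [E=RedirectPort=444]
Listen 0.0.0.0:444
SSLCACertificateFile conf/trusted-ca-bundle.pem
"""
SAMPLE_MAPPING = "RewriteRule ^(.*)$ - [E=RedirectPort=444]\n"

if __name__ == "__main__":
    for name, text in (("iv_ssl.conf", SAMPLE_SSL),
                       ("iv_ssl_mapping.conf", SAMPLE_MAPPING)):
        for finding in audit(name, text) or [f"{name}: OK"]:
            print(finding)
```

To audit a real installation, read the two files under Apache/conf and pass their contents to audit() in place of the samples.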
Logging onto the Manager using CAC authentication

1  Insert a card into the card reader.
2  Start a fresh browser session for the Manager.