Registry Settings for SecureLogin Smart Card Support



By: pvdinesh

December 6, 2011 12:24 pm

Reads: 634

Comments:0

Rating:0

Introduction

This article explains the list of available registry settings to enable different SecureLogin Smart Card features.

The below mentioned registry settings can be used to customize or modify the behavior of SecureLogin when installed with Smart Card option.

As you read these settings, note that the “Registry Key Path” indicates the registry path, “STRING or DWORD” indicates the type of the associated registry name and “Value” indicates the value data of that particular registry name.

Environment

The procedures explained in the document apply to:

  • Novell SecureLogin 7.0 Sp2 Hot Fix 3 or later.
  • Windows XP SP3 or later.
  • Windows 7 Sp1 or later
  • Windows VISTA SP2 or later

SecureLogin Smart Card support Registry Settings

1. Configure or Modify SecureLogin Smart Card Cryptographic Service Provider (CSP) and PKCS11 library path

After installing SecureLogin with Smart card option if the Smart card CSP or PKCS11 library path needs to be changed, update the below registry settings.

Registry Key Path: HKEY_LOCAL_MACHINE\Software\Protocom\SecureLogin\Security

ActivClient CSP:
STRING: NonRepudiationKeyCSP
Value: ActivClient Cryptographic Service Provider
STRING: StorageDeviceInterfaceLibraryPKCS11
Value: C:\Program Files\ActivIdentity\ActivClient\acpkcs211.dll

Gemalto CSP:
STRING: NonRepudiationKeyCSP
Value: Gemplus GemSAFE Card CSP v1.0
STRING: StorageDeviceInterfaceLibraryPKCS11
Value: C:\Program Files\Gemalto\DotNet PKCS11\gtop11dotnet.dll or gtop11dotnet64.dll

AET SafeSign CSP:
STRING: NonRepudiationKeyCSP
Value: SafeSign Standard Cryptographic Service Provider
STRING: StorageDeviceInterfaceLibraryPKCS11
Value: C:\WINDOWS\system32\aetpksse.dll
Athena CSP:
STRING: NonRepudiationKeyCSP
Value: Athena ASECard Crypto CSP
STRING: StorageDeviceInterfaceLibraryPKCS11
Value: C:\Windows\System32\asepkcs.dll

2. Enable Pin Caching for Smart Card

To enable pin caching for smart card, update the below registry settings.

Registry Key Path: HKEY_LOCAL_MACHINE\Software\Protocom\SecureLogin
DWORD: EnableSmartCardPinCache
Value: 1

3. Enable SecureLogin Smart card support in Kiosk mode

In the earlier versions of SecureLogin, Active Directory authentication of the workstation was used to log in to SecureLogin. With SecureLogin 7.0 SP1 Hotfix 2 and later, you can enable users to log in to SecureLogin separately by using the smart card credentials. To configure this, update the below registry settings.

Registry Key Path: HKEY_LOCAL_MACHINE\Software\Protocom\SecureLogin
DWORD: NSLADAuth
Value: 1

4. Changing Smart Card user Login Password on Expiry

In eDirectory mode when the user logs in using NESCM (Novell Enhanced Smart Card Method) and the user password is expired, SecureLogin detects the expired password and changes automatically on behalf of the logged in user. To enable this, update the below registry settings.

Registry Key Path: HKEY_LOCAL_MACHINE\Software\Protocom\SecureLogin
DWORD: ChangePasswordOnExpiry
Value: 1

VN:F [1.9.22_1171]
Rating: 0.0/5 (0 votes cast)

Tags:
Categories: SecureLogin, Technical Solutions

Disclaimer: As with everything else at NetIQ Cool Solutions, this content is definitely not supported by NetIQ, so Customer Support will not be able to help you if it has any adverse effect on your environment.  It just worked for at least one person, and perhaps it will be useful for you too.  Be sure to test in a non-production environment.

Comment