5.0 Installing

Selecting the Novell eDirectory option installs Novell SecureLogin on networks that are running eDirectory. This option provides secure, centralized storage of user login data: the data is encrypted on the workstation before it is saved to eDirectory.

NOTE: The procedures for installing on administrator workstations and user workstations are the same.

The following procedure uses the Microsoft Windows Vista 64-bit installer.

  1. Log in to the workstation as an administrator.

  2. Double-click Novell SecureLogin.msi located in the SecureLogin\Client\x64 directory of the Novell SecureLogin installer package. The Welcome to the Installation Wizard for Novell SecureLogin is displayed.

  3. Click Next. The License Agreement page is displayed.

  4. Accept the license agreement, then click Next.

    The Destination Folder page is displayed. By default, the program is saved in C:\Program Files\Novell\SecureLogin\. You can accept the default folder or change it.

    To change, click Change and navigate to your desired folder.

  5. Click Next. The Select a Datastore for SecureLogin page (that is, the installation environment) is displayed.

  6. Select Novell eDirectory as the platform where Novell SecureLogin stores its data, then click Next.

  7. Select the protocol to access eDirectory.

    If the Novell Client is installed, the installation program recommends the Novell Client for Windows option. Otherwise, LDAP is recommended.

    The following page is displayed only if you have the Novell Client for Windows installed on your machine. Otherwise, LDAP is auto-selected as the protocol.

  8. (Conditional) If you selected Novell Client for Windows in Step 7:

    1. Click Next. Continue with Step 9.d.

  9. (Conditional) If you selected LDAP in Step 7:

    1. Click Next. The LDAP authentication setup dialog box is displayed.

    2. Click Next. The LDAP server information dialog box is displayed. Select one of the following options:

          • When Logging into Windows: This is the LDAP (GINA) mode. If you select this option, the default Windows login dialog box is replaced by the Novell SecureLogin authentication dialog box. If the directory authentication is successful, Novell SecureLogin launches seamlessly.

            Continue with Step 9.c.

          • After Successfully logging into Windows: This is the LDAP Credential Manager mode. If you select this option, the Novell SecureLogin login dialog box appears after logging in to Windows and before the desktop screen appears. Novell SecureLogin starts seamlessly after the desktop opens.

            1. Select the login user to be associated with your LDAP distinguished user.

            2. Click Next. Select how you want to associate your Windows username with the LDAP distinguished name.

            3. Click Next and continue with Step 9.c.

            In the complete mode of installation, the install takes the default values and proceeds with the installation. If the Novell Client is installed, the default account association is Novell Client association. If you do not have the Novell Client installed, the default account association is a Windows association.

            However, if you want to associate the account to the Novell Client, change the registry setting in hklm/software/novell/login/ldap as follows:

            DoNTAssoc DWORD 1

            DoClient32Assoc DWORD 0

          • When SecureLogin Starts: This is the LDAP authentication mode. Novell SecureLogin launches after the desktop comes up. Otherwise, the desktop loads and you must manually launch Novell SecureLogin.

            Continue with Step 9.c.

    3. Click Next. Specify the LDAP server information.

    4. Click Next. The smart card dialog box is displayed.

  10. (Conditional) If you want to use a smart card, select Yes, click Next, then continue with Step 12.

    IMPORTANT: If your enterprise policy allows users to log in to the workstation by using a smart card, you must select the smart card option.

  11. (Conditional) If you do not want to use a smart card, select No, click Next, then continue with Step 14.

  12. Select a cryptographic service provider from which Novell SecureLogin requests PKI credentials through a Microsoft Crypto API.

  13. Select a PKCS#11 compatible library required for accessing the smart card, then click Next.

    This specifies the location of the cryptographic token interface installed as part of the smart card vendor’s software. These API files are used by Novell SecureLogin to communicate with the smart card.

    Manually configuring the third-party smart card PKCS library assumes a high level of understanding of the cryptographic service provider’s product.

  14. Select the eDirectory features that you want to install, then click Next.

    You can select both Novell SecretStore Client and Novell NMAS Methods.

  15. Select the NMAS Methods, such as pcProx and Secure Workstation, then proceed with the installation.

  16. (Conditional) If you selected Novell SecretStore Client in Step 14, ensure that SecretStore is installed on a server, then continue with Step 18.

    For more information on SecretStore, see “Installing SecretStore” in the SecretStore 3.4 Administration Guide.

  17. (Conditional) If you selected Novell NMAS methods in Step 14, the NMAS Client Login Methods dialog box is displayed.

    1. Select pcProx, then click Next. The pcProx card reader options dialog box is displayed.

    2. Select either Use card reader to obtain the username or pcProx reader is an AIR ID Reader.

    3. Click Next. The pcProx card reader options dialog box is displayed.

      1. Select a port for the proximity reader.

      2. Click Next. The Client32 Login Information dialog box is displayed. Specify the Tree, Server, and Sequence information.

      3. Click Next. The LDAP server dialog box is displayed. Specify the server and alternate server information.

      4. Click Next. Specify the number of failures that are allowed before reporting a device removal event to Secure Workstation.

      5. Click Next. The cache option dialog box is displayed.

        pcProx supports LDAP connections over Secure Sockets Layer (SSL) only.

  18. Select the location where you want Novell SecureLogin to store the local cache.

    The cache path should include a user identifier in it, such as %AppData% or %username%.

  19. Click Next. The installation features dialog box is displayed.

  20. Select a location for the configuration file.

    If you select Directory as the location, you must specify the tree or the IP address of the server and specify a value of the config object on the server tree.

  21. Click Next. The Ready to Install the Program page is displayed.

  22. Click Install.

  23. Click Finish.

  24. You are prompted to restart your system. Select Yes.
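
The registry values listed in Step 9 and the cache-path guidance in Step 18 can be checked from PowerShell after installation. The following is an added example, not part of the Novell documentation; the function names and the -Apply switch are hypothetical, and %LocalAppData% and %UserProfile% are added to the page's two per-user variables as an assumption.

```powershell
# Added example. Key path and value names are the ones listed on this page;
# the function names and the -Apply switch are hypothetical.
function Test-SecureLoginLdapAssociation {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [string]$KeyPath = 'HKLM:\SOFTWARE\Novell\Login\LDAP',
        [switch]$Apply   # without -Apply the function only reports
    )
    # DWORD values exactly as given in the procedure.
    $desired = [ordered]@{ DoNTAssoc = 1; DoClient32Assoc = 0 }

    if (-not (Test-Path -LiteralPath $KeyPath)) {
        Write-Warning "Registry key not found: $KeyPath"
        return
    }
    foreach ($name in $desired.Keys) {
        $prop = Get-ItemProperty -LiteralPath $KeyPath -Name $name -ErrorAction SilentlyContinue
        $current = if ($prop) { $prop.$name } else { $null }
        $ok = ($null -ne $current) -and ([int]$current -eq $desired[$name])

        if (-not $ok -and $Apply -and
            $PSCmdlet.ShouldProcess("$KeyPath\$name", "Set DWORD to $($desired[$name])")) {
            # -Force overwrites an existing value; HKLM writes need an elevated session.
            New-ItemProperty -LiteralPath $KeyPath -Name $name -PropertyType DWord `
                -Value $desired[$name] -Force | Out-Null
            $current = $desired[$name]
            $ok = $true
        }
        [pscustomobject]@{ Name = $name; Current = $current; Expected = $desired[$name]; Match = $ok }
    }
}

# Step 18 guidance: the cache path should contain a per-user identifier.
# %AppData% and %username% are from the page; the other two are added here.
function Test-CachePathIsPerUser {
    param([Parameter(Mandatory)][string]$Path)
    $perUser = '%AppData%', '%username%', '%LocalAppData%', '%UserProfile%'
    foreach ($token in $perUser) {
        if ($Path -like "*$token*") { return $true }   # -like is case-insensitive
    }
    return $false
}

Test-SecureLoginLdapAssociation                      # report only, no changes
Test-CachePathIsPerUser -Path '%AppData%\SLCache'    # constructed sample path
Test-CachePathIsPerUser -Path 'C:\SLCache'           # constructed sample path
```

Run `Test-SecureLoginLdapAssociation -Apply -WhatIf` first to preview the registry writes before applying them from an elevated session.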