Follow Techotopia on Twitter

On-line Guides
All Guides
eBook Store
iOS / Android
Linux for Beginners
Office Productivity
Linux Installation
Linux Security
Linux Utilities
Linux Virtualization
Linux Kernel
System/Network Admin
Scripting Languages
Development Tools
Web Development
GUI Toolkits/Desktop
Mail Systems
Eclipse Documentation

How To Guides
General System Admin
Linux Security
Linux Filesystems
Web Servers
Graphics & Desktop
PC Hardware
Problem Solutions
Privacy Policy




Red Hat Enterprise Linux 9 Essentials Book now available.

Purchase a copy of Red Hat Enterprise Linux 9 (RHEL 9) Essentials

Red Hat Enterprise Linux 9 Essentials Print and eBook (PDF) editions contain 34 chapters and 298 pages

Preview Book

Red Hat Enterprise Linux 6

Managing Single Sign-On and Smart Cards

For Red Hat Enterprise Linux 6

Edition 1

Ella Deon Lackey

Legal Notice

Copyright © 2010 Red Hat, Inc..
The text of and illustrations in this document are licensed by Red Hat under a Creative Commons Attribution–Share Alike 3.0 Unported license ("CC-BY-SA"). An explanation of CC-BY-SA is available at In accordance with CC-BY-SA, if you distribute this document or an adaptation of it, you must provide the URL for the original version.
Red Hat, as the licensor of this document, waives the right to enforce, and agrees not to assert, Section 4d of CC-BY-SA to the fullest extent permitted by applicable law.
Red Hat, Red Hat Enterprise Linux, the Shadowman logo, JBoss, MetaMatrix, Fedora, the Infinity Logo, and RHCE are trademarks of Red Hat, Inc., registered in the United States and other countries.
Linux® is the registered trademark of Linus Torvalds in the United States and other countries.
Java® is a registered trademark of Oracle and/or its affiliates.
XFS® is a trademark of Silicon Graphics International Corp. or its subsidiaries in the United States and/or other countries.
MySQL® is a registered trademark of MySQL AB in the United States, the European Union and other countries.
All other trademarks are the property of their respective owners.

1801 Varsity Drive
 RaleighNC 27606-2072 USA
 Phone: +1 919 754 3700
 Phone: 888 733 4281
 Fax: +1 919 754 3701

August 13, 2009
This guide is for both users and administrators for Red Hat Enterprise Linux 6.0 to learn how to manage personal certificates and keys using the Enterprise Security Client. The Enterprise Security Client is a simple GUI which works as a frontend for the Red Hat Certificate System token management system. The Enterprise Security Client allows users of Red Hat Enterprise Linux 6.0 to format and manage smart cards easily as part of a single sign-on solution.

About This Guide
1. Additional Reading
2. Examples and Formatting
2.1. Formatting for Examples and Commands
2.2. Tool Locations
2.3. Guide Formatting
3. Giving Feedback
4. Document History
1. Introduction to the Enterprise Security Client
1.1. Red Hat Enterprise Linux, Single Sign-On, and Authentication
1.2. Red Hat Certificate System and the Enterprise Security Client
2. Using Pluggable Authentication Modules (PAM)
2.1. About PAM
2.2. PAM Configuration Files
2.2.1. PAM Service Files
2.2.2. PAM Configuration File Format
2.2.3. Sample PAM Configuration Files
2.3. Creating PAM Modules
2.4. PAM and Administrative Credential Caching
2.4.1. Removing the Timestamp File
2.4.2. Common pam_timestamp Directives
3. Using Kerberos
3.1. About Kerberos
3.1.1. A General Overview of Kerberos
3.1.2. How Kerberos Works
3.1.3. Additional Resources for Kerberos
3.2. Configuring a Kerberos 5 Server
3.3. Configuring a Kerberos 5 Client
3.4. Domain-to-Realm Mapping
3.5. Setting up Secondary KDCs
3.6. Setting up Cross Realm Authentication
4. Using the Enterprise Security Client
4.1. Launching Enterprise Security Client
4.2. Overview of Enterprise Security Client Configuration
4.2.1. Enterprise Security Client File Locations
4.2.2. About the Preferences Configuration Files
4.2.3. About the XUL and JavaScript Files in the Enterprise Security Client
4.3. Configuring Phone Home
4.3.1. About Phone Home Profiles
4.3.2. Setting Global Phone Home Information
4.3.3. Adding Phone Home Information to a Token Manually
4.3.4. Configuring the TPS to Use Phone Home
4.4. Using Security Officer Mode
4.4.1. Enabling Security Officer Mode
4.4.2. Enrolling a New Security Officer
4.4.3. Using Security Officers to Manage Users
4.5. Configuring SSL Connections with the TPS
4.6. Customizing the Smart Card Enrollment User Interface
4.7. Disabling LDAP Authentication for Token Operations
5. Using Smart Cards with the Enterprise Security Client
5.1. Supported Smart Cards
5.2. Setting up Users to Be Enrolled
5.3. Enrolling a Smart Card Automatically
5.4. Managing Smart Cards
5.4.1. Formatting the Smart Card
5.4.2. Resetting a Smart Card Password
5.4.3. Viewing Certificates
5.4.4. Importing CA Certificates
5.4.5. Adding Exceptions for Servers
5.4.6. Enrolling Smart Cards
5.4.7. Re-Enrolling Tokens
5.5. Diagnosing Problems
5.5.1. Errors
5.5.2. Events
6. Configuring Applications for Single Sign-On
6.1. Configuring Firefox to Use Kerberos for Single Sign-On
6.2. Enabling Smart Card Login on Red Hat Enterprise Linux
6.3. Setting up Browsers to Support SSL for Tokens
6.4. Using the Certificates on Tokens for Mail Clients

  Published under the terms of the Creative Commons License Design by Interspire