Configuring Passwordless Certificate based authentication
Make the following changes to the ks_user_config file to configure passwordless certificate-based authentication:
• key_name=<CipherTrust Manager key name>
• user_name=<keep this blank>
• key_version=<key version no.>
• enable =<yes>
The key_version parameter specifies the version of the key created on CipherTrust Manager (CM). These versioned keys can be used for key rotation.
Setting enable=<yes> means that ProtectApp LUKS is enabled; otherwise, the normal ProtectApp LUKS cryptsetup functionality is used.
• Keep user_name blank, because the username is taken from the client certificate.
• Ensure that the interface mode 'Verify client cert, username taken from client cert, auth request is optional' is selected in the interface setting of CipherTrust Manager.
Example:
• key_name=<CipherTrust Manager key name>
• user_name= <keep this blank>
• key_version=0
• enable =<yes>
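A pre-deployment check for the settings described above, as an added example that is not part of the product documentation. It assumes ks_user_config is a plain key=value file as shown, that `#` starts a comment, that `yes` is the literal enabling value and that key_version is a non-negative integer; the function name and sample values are hypothetical.

```python
REQUIRED = ("key_name", "user_name", "key_version", "enable")

def check_ks_user_config(text):
    """Return a list of findings for passwordless certificate-based auth."""
    settings, findings = {}, []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):  # assumption: '#' marks a comment
            continue
        if "=" not in line:
            findings.append(f"line {lineno}: not a key=value setting")
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        if key in settings:
            findings.append(f"line {lineno}: duplicate key {key}")
        settings[key] = value
    for key in REQUIRED:
        if key not in settings:
            findings.append(f"missing parameter {key}")
    if settings.get("key_name") == "":
        findings.append("key_name is empty")
    # A non-blank user_name conflicts with taking the username from the client certificate.
    if settings.get("user_name"):
        findings.append("user_name must be blank for certificate-based authentication")
    version = settings.get("key_version")
    # Assumption: versions are non-negative integers, as in the page's example (0).
    if version is not None and not (version.isascii() and version.isdigit()):
        findings.append("key_version must be a non-negative integer")
    if "enable" in settings and settings["enable"] != "yes":
        findings.append("enable is not 'yes': ProtectApp LUKS is not enabled")
    return findings

# Constructed sample inputs (key name and username are made up for illustration).
GOOD = "key_name=luks-demo-key\nuser_name=\nkey_version=0\nenable=yes\n"
BAD = "key_name=luks-demo-key\nuser_name=alice\nkey_version=latest\n"

if __name__ == "__main__":
    for name, sample in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, check_ks_user_config(sample) or "ok")
```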