Your suggested change has been received. Thank you.

close

Suggest A Change

https://thales.na.market.dpondemand.io/docs/dpod/services/kmo….

Thales Logo

All

  • All
back

Tasks

Configuring Passwordless Certificate based authentication

search

Please Note:

Configuring Passwordless Certificate based authentication

Perform the following changes to ks_user_config file to configure Passwordless Certificate based authentication :

  • key_name=<CipherTrust Manager key name>

  • user_name=<keep this blank>

  • key_version=<key version no.>

  • enable =<yes>

The parameter key_version specifies the version of the key created on CM. These versioned keys can be used for Key Rotation.

The parameter Enable =<yes> implies that ProtectApp LUKS is enabled, otherwise normal ProtectApp LUKS cryptsetup functionality is used.

Note

  • Ensure to keep the user_name blank as username will be picked from the Client Certificate.

  • Ensure that the interface mode 'Verify client cert, username taken from client cert, auth request is optional' is selected in the interface setting of CipherTrust Manager.

Example:

  • key_name=<CipherTrust Manager key name>

  • user_name= <keep this blank>

  • key_version=0

  • enable =<yes>

On this page