Whenever a Client Automation client process connects to a CAF plug-in that requires authentication, the client process must pass security credentials relevant to the target service's security requirements. Where the client process is running as an autonomous process, such as a Windows NT service or a UNIX daemon, the client process may authenticate using X.509 V3 certificates in the absence of any user credentials.
An X.509 certificate for Client Automation authentication comprises a set of attribute-value pairs packaged together with the public encryption key of an asymmetric key pair. The certificate is digitally signed and sealed by a root certificate. The certificate records the name of the subject to whom the certificate was issued, the issuing certificate authority name and expiry information. The subject name is often referred to as the Distinguished Name (DN). The subject name is mapped to a Uniform Resource Identifier (URI) in the x509cert namespace, such as the following:
x509cert://dsm r11/CN=Basic Host Identity,O=Computer Associates,C=US
For an overview of the current certificates, see Common Certificates and Application-specific Certificates.
Using public key cryptography, clients authenticate themselves to scalability servers upon request. A scalability server can then use the certified identity to perform subsequent authorization checks and commit audit records. The management console lets you assign certificate URIs privileges to tasks or objects within the Client Automation management database.
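The following sketch is an added example, not Client Automation code: it parses an x509cert URI like the one shown above and looks up privileges by the complete subject name, so an identity that shares only the CN with a privileged certificate gets nothing. It assumes the text between the scheme and the first slash is an opaque label, that the subject name is a comma-separated list of attr=value pairs with backslash escapes, and that the certificate chain has already been verified; the ACL table and the "register" privilege are constructed for illustration.

```python
# Added example: parse an x509cert URI and match it against a privilege table.
# Assumptions (not from the product): DN parts are comma-separated attr=value
# pairs with backslash escapes, and the ACL layout below is hypothetical.

SCHEME = "x509cert://"

def split_rdns(dn):
    """Split a DN on unescaped commas into (ATTR, value) pairs."""
    parts, buf, escaped = [], [], False
    for ch in dn:
        if escaped:
            buf.append(ch)
            escaped = False
        elif ch == "\\":
            escaped = True
        elif ch == ",":
            parts.append("".join(buf))
            buf = []
        else:
            buf.append(ch)
    if escaped:
        raise ValueError("dangling escape in DN")
    parts.append("".join(buf))
    rdns = []
    for part in parts:
        attr, sep, value = part.partition("=")
        if not sep or not attr.strip() or not value.strip():
            raise ValueError(f"malformed RDN: {part!r}")
        rdns.append((attr.strip().upper(), value.strip()))
    return tuple(rdns)

def parse_x509cert_uri(uri):
    """Return (label, rdns) for a URI such as the one shown above."""
    if not uri.startswith(SCHEME):
        raise ValueError("not an x509cert URI")
    label, sep, dn = uri[len(SCHEME):].partition("/")
    if not sep or not label or not dn:
        raise ValueError("missing label or subject name")
    return label, split_rdns(dn)

def privileges_for(uri, acl):
    """Look up privileges by the full parsed identity, never by CN alone."""
    return acl.get(parse_x509cert_uri(uri), frozenset())

# Constructed sample privilege table keyed by parsed identity.
ACL = {
    parse_x509cert_uri(
        "x509cert://dsm r11/CN=Basic Host Identity,O=Computer Associates,C=US"
    ): frozenset({"register"}),
}
```

Attribute names and surrounding whitespace are normalized before comparison, while attribute values and their order must match exactly.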
Copyright © 2014 CA Technologies.
All rights reserved.