Search

Chapter 1. Introduction to the Enterprise Security Client

download PDF
The Enterprise Security Client is a tool for Red Hat Certificate System which simplifies managing smart cards. End users can employ security tokens (smart cards) to store user certificates for applications such as single sign-on (SSO) access and client authentication. End users are issued the tokens containing certificates and keys required for signing, encryption, and other cryptographic functions.
The Enterprise Security Client is the third part of Certificate System's complete token management system. Two subsystems — the Token Key Service (TKS) and Token Processing System (TPS) — are used to process token-related operations. The Enterprise Security Client is the interface which allows the smart card and user to access the token management system.
After a token is enrolled, applications such as Mozilla Firefox and Thunderbird can be configured to recognize the token and use it for security operations, like client authentication and S/MIME mail. The Enterprise Security Client provides the following capabilities:
  • Supports Global Platform-compliant smart cards like Gemalto 64K V2 and Safenet 300J Java smart cards.
  • Enrolls security tokens so they are recognized by TPS.
  • Maintains the security token, such as re-enrolling a token with TPS.
  • Provides information about the current status of the token or tokens being managed.
  • Supports server-side key generation through the TPS and DRM subsystems so that keys can be archived and recovered on a separate token if a token is lost.

1.1. Red Hat Enterprise Linux, Single Sign-On, and Authentication

Network users frequently have to submit multiple passwords for the various services they use, such as e-mail, web browsing and intranets, and servers on the network. Maintaining multiple passwords, and constantly being prompted to enter them, is a hassle for users and administrators. Single sign-on is a configuration which allows administrators to create a single password store so that users can log in once, using a single password, and be authenticated to all network resources.
Red Hat Enterprise Linux supports single sign-on for several resources, including logging into workstations and unlocking screensavers, accessing encrypted web pages using Mozilla Firefox, and sending encrypted email using Mozilla Thunderbird.
Single sign-on is both a convenience to users and another layer of security for the server and the network. Single sign-on hinges on secure and effective authentication, and the Enterprise Security Client ties into the public-key infrastructure implemented by Red Hat Certificate System.
One of the cornerstones of establishing a secure network environment is making sure that access is restricted to people who have the right to access the network. If access is allowed, users can authenticate to the system, meaning they can verify their identities. One such method is presenting a certificatee: an electronic document that identifies the entity presenting it.
These certificates can be stored on a smart card. When inserted by a user, the smart card presents the certificates to the system and identifies the user so it can be authenticated. One of the two authentication methods for Red Hat Enterprise Linux's single sign-on is smart card authentication. (The other is Kerberos-based authentication.)
Single sign-on using smart cards goes through three steps:
  1. A user inserts a smart card into the card reader. This is detected by the pluggable authentication modules (PAM) on Red Hat Enterprise Linux.
  2. The system maps the certificate to the user entry and then compares the presented certificates on the smart card to the certificates stored in the user entry.
  3. If the certificate is successfully validated against the key distribution center (KDC), then the user is allowed to log in.
The Enterprise Security Client manages the smart cards, which is part of administering single sign-on.
Red Hat logoGithubRedditYoutubeTwitter

Learn

Try, buy, & sell

Communities

About Red Hat Documentation

We help Red Hat users innovate and achieve their goals with our products and services with content they can trust.

Making open source more inclusive

Red Hat is committed to replacing problematic language in our code, documentation, and web properties. For more details, see the Red Hat Blog.

About Red Hat

We deliver hardened solutions that make it easier for enterprises to work across platforms and environments, from the core datacenter to the network edge.

© 2024 Red Hat, Inc.