Enabling PKI authentication in the client

You can enable public key infrastructure (PKI) authentication in the Rational® DOORS® client by using command-line switches or a batch file.

Before you begin

Before you perform this task, follow the instructions in Enabling PKI authentication in the database server.

About this task

If you use command-line switches to enable authentication, use these command-line switches:
-keyDB
The full path and file name of the keystore in the client, such as C:\certdb\client_authentication.kdb.
-pkcs11driver
The full path and file name of the card drive file, such as C:\Windows\System32\aetpkssw.dll. This switch is specific to the pkcs#11 standard, which Rational DOORS uses for PKI authentication.
-pkcs11token
The smart card name, such as "Crescendo". This switch is specific to the pkcs#11 standard, which Rational DOORS uses for PKI authentication.
-certName
The certificate on the smart card, such as "Crescendo:certOne". In the pkcs#11 standard, the name of the certificate must include the name of the card, in this case"Crescendo".

Procedure

Use one of these methods to enable authentication:

Results

After PKI authentication is enabled, your users must use a smart card or a certificate in the client keystore to log on.

When the Rational DOORS client starts, if the distinguished name (DN) in the client certificate is associated with only one Rational DOORS user account, the user logs on automatically. If the DN is associated with more than one user account, the "User name" window is displayed, and the user must enter a user name that is associated with the DN.

For security, the associated user names are not displayed.


Feedback