Configuring Passwordless Certificate based authentication
Perform the following changes to ks_user_config file to configure Passwordless Certificate based authentication :
key_name=
<CipherTrust Manager key name>user_name=
<keep this blank>enable =
<yes>
Here, yes implies that SafeNet ProtectApp-LUKS is enabled, otherwise normal LUKS cryptsetup functionality is used.
Note
Ensure to keep the user_name blank as username will be picked from the Client Certificate.
Example:
key_name=
<CipherTrust Manager key name>user_name=
enable =
<yes>
Ensure that the interface mode 'Verify client cert, username taken from client cert, auth request is optional' is selected in the interface setting of CipherTrust Manager.
