This chapter describes usage scenarios and configuration tasks related to nevisAuth. A scenario consists of several administration or configuration tasks and may be part of a scenario that involves several NEVIS components.
All configuration tasks related to key management are described in the nevisKeybox documentation. As it is a service primarily used by nevisProxy, nevisAuth integration tasks are documented in the nevisProxy reference guide.
Administrators and integrators should be familiar with UNIX command line interfaces, the "vi" editor, and have a sufficient understanding of the NEVIS architecture.
Some use cases described in this chapter are very security sensitive and may compromise the infrastructure if they are not executed carefully. The tasks include:
- Any certificate handling where a private key is involved (for example, the chapter Installing a certificate for token signing), as well as the protection of private keys with passwords.
- Initial installation may contain a test authentication back end that allows access to any user who presents a password equal to the login ID.
- The server's communication infrastructure should support authentication and encryption on the network layer. This enables the server to verify the client's identity and user credentials, as well as it prevents SecToken information from being visible on the network.
nevisAuth requires a private key for signing authenticated user and session data. The installation and protection of this key is fundamental. If this key gets compromised, the attacker is able to generate security tokens signed with this compromised key.