New Credentials Aquisition

Acquiring new credentials can be done through the New Credentials Wizard, which can be invoked through one of the following methods:

The first time it is invoked, the new credentials wizard shows you the identity specification page. The workflow in this case is illustrated below:

Workflow for obtaining new credentials for an identity for the first time

Workflow for obtaining new credentials for an identity for the first time.

However, on subsequent invocations, the new credentials wizard will take you directly to the password page, as illustrated below:

Workflow for obtaining new credentials after an identity is configured

Workflow for obtaining new credentials after an identity is configured.

Identity Specification Page

New credentials wizard - Identity specification

The identity specification page

If the Kerberos v5 identity provider is used, the dialog will ask for a username and a realm to determine the identity for which new credentials will be obtained. Depending on the selected identity, you may be required to provide a password or other form of authentication before new credentials can be obtained.

By default, the only identity selector available is Kerberos v5. If you have other plug-ins installed that provide identity selectors, they will appear in the identity selection panel allowing you to choose other identity types.

Once the desired identity has been specified, you can select the Next button to advance to the next page of the wizard.

If you arrived at the identity specification page from another page in the new credentials wizard, selecting the Back button will take you back to that previous page.

Note:

If the selected identity requires validation, then the identity specification page will take you to the identity validation page next. From here, you will be able to observe progress of the validation process and also observe any problems it might encounter.

You will only be able to proceed with identity configuration or credentials acquisition if the identity passes validation.

Identity Selection

Most of the pages on the new credentials wizard have a large button on the top that shows the currently selected identity. Clicking the button will present you with the identity selection menu:

New credentials wizard - Identity selection

Identity selection menu

The list of identities shown are the identities that you supports acquiring new credentials. In addition, the New identity option allows you to specify an identity that is not listed or configured. Selecting this option takes you to the Identity Specification page.

Selecting any other identity will take you either to the password page for that identity or the identity configuration pages depending on whether this is the first time you are getting credentials for that identity. If you had already selected an identity, then the corresponding menu item will appear disabled.

New Identity Configuration

When a new identity is specified, the New Credentials Wizard switches over to the New Identity Configuration Wizard and guides you through the available options for this identity. You only need to do this once for an identity.

New credentials wizard - Identity configuration

New credentials wizard during identity configuration

The Next and Back buttons will take you through the available options pages and finally the password page, where you will be asked for the password for the identity.

If the identity does not require a password, then you can select Finish at any time to obtain credentials using the default settings.

New credentials wizard - the password page of the identity configuration wizard

New credentials wizard showing the password page of identity configuration

Note:

The password that you enter here will not be stored by Network Identity Manager unless you also check the Save password check box. Network Identity Manager ships with a default key storage provider called KeyStore which lets you store multiple passwords that are protected by a master password.

For more information about saving passwords, please see 'Password persistence'

For more information about the key store provider, please see KeyStore.

Progress

As the final step of the New Credentials Wizard, you will be shown the progress page, where you can monitor the progress of the credential acquisition operation.

New credentials wizard - Progress page

New credentials wizard at the progress page

If there are any problems with acquring new credentials, they will be shown to you here as illustrated below:

Progress page showing error

Progress page showing an error while acquiring new credentials

If an error occurs, you may select the Back button to go back to the password page or the credentials options pages and take any necessary corrective action. If you believe the error was due to a transient condition, you can select the Retry button to retry the operation using the current settings and the previously entered password (if any).

New credentials wizard - For a known identity

Once one or more identities are configured, the new credentials wizard will take on a different appearance.

New credentials wizard - Kerberos v5 password

New credentials wizard - Kerberos v5 password

Since Network Identity Manager already has the configuration information it needs to process the new credentials operation, all it needs from you is the password for the Kerberos v5 principal. Once you enter the password and select Finish you will be taken to the 'Progress' panel.

In addition, you may also make the selected identity the default identity using the Make this the default identity check box before clicking the Finish button.

Note:

The password that you enter here will not be stored by Network Identity Manager unless you also check the Save password check box. Network Identity Manager ships with a default key storage provider called KeyStore which lets you store multiple passwords that are protected by a master password.

For more information about saving passwords, please see 'Password persistence'

For more information about the key store provider, please see KeyStore.

New credential wizard - Advanced options

Clicking on the Advanced options button from the password page will bring you to this pane.

New credentials wizard - Advanced panel

New credentials wizard - Advanced page

This page presents you with all the options available for obtaining credentials for the selected identity. Each pane in the tabbed area corresponds to a credentials provider that is participating in the credentials acquisition. You may see additional tabs here if you have other plug-ins installed.

More information about options specific to each credentials type can be found below:

Note:

Any changes you make in the credentials type configuration panels here may not be saved unless you proceed with the new credentials operation. If you wish to make changes to the identity configuration without obtaining new credentials, you should use the Configuration dialog.

Additional notes

The new credentials dialog can be invoked from the command line using the -i or --kinit command line option. Additionally, if you specify the -a or --autoinit command line option, the new credentials dialog will be displayed if there are no credentials available.

Setting the Obtain new credentials at startup (if none are present) option in the General configuration panel causes NetIDMgr to behave as if the --autoinit option is specified at the beginning of each session.