--- caDualCert.cfg	2008-05-09 14:40:09.000000000 +0200
+++ caDualDirUserCert.cfg	2008-05-22 14:12:47.000000000 +0200
@@ -1,13 +1,11 @@
-desc=This certificate profile is for enrolling dual user certificates. It works only with Netscape 7.0 or later.
+desc=This certificate profile is for enrolling dual user certificates (encryption/signing certificate pairs) with directory-based authentication.
 visible=true
 enable=true
 enableBy=admin
-name=Manual User Signing & Encryption Certificates Enrollment
-auth.class_id=
-input.list=i1,i2,i3
+name=Directory-Authenticated User Dual-key Certificate Enrollment
+auth.instance_id=UserDirEnrollment
+input.list=i1
 input.i1.class_id=dualKeyGenInputImpl
-input.i2.class_id=subjectNameInputImpl
-input.i3.class_id=submitterInfoInputImpl
 output.list=o1
 output.o1.class_id=certOutputImpl
 policyset.list=encryptionCertSet,signingCertSet
@@ -16,7 +14,7 @@
 policyset.encryptionCertSet.1.constraint.name=Subject Name Constraint
 policyset.encryptionCertSet.1.constraint.params.pattern=UID=.*
 policyset.encryptionCertSet.1.constraint.params.accept=true
-policyset.encryptionCertSet.1.default.class_id=userSubjectNameDefaultImpl
+policyset.encryptionCertSet.1.default.class_id=authTokenSubjectNameDefaultImpl
 policyset.encryptionCertSet.1.default.name=Subject Name Default
 policyset.encryptionCertSet.1.default.params.name=
 policyset.encryptionCertSet.2.constraint.class_id=validityConstraintImpl
@@ -85,7 +83,7 @@
 policyset.encryptionCertSet.8.default.name=Subject Alt Name Constraint
 policyset.encryptionCertSet.8.default.params.subjAltNameExtCritical=false
 policyset.encryptionCertSet.8.default.params.subjAltExtType_0=RFC822Name
-policyset.encryptionCertSet.8.default.params.subjAltExtPattern_0=$request.requestor_email$
+policyset.encryptionCertSet.8.default.params.subjAltExtPattern_0=$request.auth_token.mail[0]$
 policyset.encryptionCertSet.8.default.params.subjAltExtGNEnable_0=true
 policyset.encryptionCertSet.8.default.params.subjAltNameNumGNs=1
 policyset.encryptionCertSet.9.constraint.class_id=signingAlgConstraintImpl
@@ -99,7 +97,7 @@
 policyset.signingCertSet.1.constraint.name=Subject Name Constraint
 policyset.signingCertSet.1.constraint.params.pattern=UID=.*
 policyset.signingCertSet.1.constraint.params.accept=true
-policyset.signingCertSet.1.default.class_id=userSubjectNameDefaultImpl
+policyset.signingCertSet.1.default.class_id=authTokenSubjectNameDefaultImpl
 policyset.signingCertSet.1.default.name=Subject Name Default
 policyset.signingCertSet.1.default.params.name=
 policyset.signingCertSet.2.constraint.class_id=validityConstraintImpl
@@ -158,7 +156,7 @@
 policyset.signingCertSet.8.default.name=Subject Alt Name Constraint
 policyset.signingCertSet.8.default.params.subjAltNameExtCritical=false
 policyset.signingCertSet.8.default.params.subjAltExtType_0=RFC822Name
-policyset.signingCertSet.8.default.params.subjAltExtPattern_0=$request.requestor_email$
+policyset.signingCertSet.8.default.params.subjAltExtPattern_0=$request.auth_token.mail[0]$
 policyset.signingCertSet.8.default.params.subjAltExtGNEnable_0=true
 policyset.signingCertSet.8.default.params.subjAltNameNumGNs=1
 policyset.signingCertSet.9.constraint.class_id=signingAlgConstraintImpl