[Pki-users] Token Cert Profile Question

I currently have a CS setup where using Gemalto tokens, I can see that an signing and encryption certs are written to the card. What profile(s) in the /var/lib/<ca instance>/profile directory is used to generate the certs in a default dogtag setup? I noticed there is both a caTokenUserEncryptionKeyEnrollment.cfg and caTokenUserSigningLeyEnrollment.cfg profiles in the directory that seem to correspond to each of the certs created on the token. That is a bit odd to me as I though it usually was one profile that would have multiple policysets to handle 2 certs not a seperate profile for each? The basic question is I'd like to modify the configuration so a third cert is created on the card (to be used for authentication) beyond the email signing and encryption certs. Anyone know how to do that? Thanks Sean