The objective is to give users a secure way to reset or retrieve their password when they have forgotten it.
Novell's Challenge Response
Novell has implemented some very secure methods that allow this objective to be reached.
The user answers the "Challenge Questions" correctly and submits the "Challenge Responses" to the LDAP directory via the NMAS Challenge Response authentication mechanism. This mechanism is implemented over LDAP as a SASL bind, which allows operations to be performed as if the user had authenticated with their password. No "admin" level credentials are required for operation.
These are the attributes on the user entry that are related to the challenge-response methods.
- Appears to contain some encrypted key for NMAS logins. Used in simple and ChallengeResponse logins.
- We are not sure. Appears to be where the Challenge Response questions and answers are stored on the user entry, only if the user has answered their challenges.
- Appears to be where the Challenge Response questions and answers are stored on the user entry.
- Each value appears to contain one ChallengeResponseQuestion (in clear text) and the associated encrypted ChallengeResponseText.