The objective is to give users a way to securely reset, or recover, a password they have forgotten.

Automated Password Self Service (APASS)#

Novell's Challenge Response

Novell implements this with NMAS challenge-response authentication, which reaches the objective without introducing any privileged credentials into the reset workflow.

The user first enrolls by answering a set of "Challenge Questions". Later, to prove identity without a password, the user supplies the "Challenge Responses" to the LDAP directory through the NMAS Challenge Response authentication mechanism. Over LDAP this mechanism is performed as a SASL bind, so once the responses are accepted the connection carries the user's own identity and rights, exactly as if the user had bound with their password; the follow-on operation (setting a new password) then runs under that identity. No "admin"-level credentials are required at any point. Before relying on it, check that the directory actually advertises the mechanism in the rootDSE attribute supportedSASLMechanisms (on eDirectory it is listed as NMAS_LOGIN).

User Attributes#

These are the attributes on the user entry that are related to the challenge-response method. The descriptions are based on observation rather than documentation, so treat them as working notes.

sASLoginConfigurationKey - Appears to contain an encrypted key used for NMAS logins. Used by both simple and Challenge Response logins.

sASLoginConfiguration - Purpose not fully understood. Appears to be related to where the Challenge Response questions and answers are stored; it is present on the user entry only once the user has answered their challenges.

sASLoginSecretKey - Appears to be the key material associated with the stored Challenge Response questions and answers on the user entry.

sASLoginSecret - Multi-valued. Each value appears to contain one Challenge Response question (in clear text) together with the associated encrypted Challenge Response text. Because the question text is readable by anyone with read rights to this attribute, check the directory ACLs on it: a user's questions should not be enumerable by other ordinary users.
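The following is an added example, not code from the original page or from Novell, that covers the two checks a practitioner would want before depending on this mechanism: that the server offers the NMAS SASL mechanism in its rootDSE, and that a given user has actually enrolled (has sASLoginSecret values). It parses ldapsearch-style LDIF output with the standard library only. The LDIF is constructed sample data; the base64 blobs are random filler standing in for the encrypted values, not real NMAS data, and the mechanism name NMAS_LOGIN and the rule "enrolled means at least one sASLoginSecret value" are my assumptions, not statements from the page.

```python
"""Added example (not from the original page): parse ldapsearch LDIF output and
report whether NMAS challenge-response password self-service is usable for each user.

Assumptions (mine, not stated on the page):
  * eDirectory advertises the NMAS mechanism as NMAS_LOGIN in supportedSASLMechanisms.
  * A user counts as enrolled when the entry carries at least one sASLoginSecret value.
The LDIF below is constructed sample data; the base64 values are arbitrary bytes.
"""
import base64
from collections import defaultdict

NMAS_SASL_MECH = "NMAS_LOGIN"  # assumption: mechanism name advertised by eDirectory
CR_ATTRS = ("sASLoginConfigurationKey", "sASLoginConfiguration",
            "sASLoginSecretKey", "sASLoginSecret")

# Constructed sample, shaped like `ldapsearch -LLL` output: the rootDSE (empty dn),
# one enrolled user (jdoe) and one user who never answered challenges (asmith).
SAMPLE_LDIF = """\
dn:
supportedSASLMechanisms: NMAS_LOGIN
supportedSASLMechanisms: DIGEST-MD5
supportedSASLMechanisms: EXTERNAL

dn: cn=jdoe,ou=users,o=example
cn: jdoe
sASLoginConfigurationKey:: AQIDBA==
sASLoginSecretKey:: BQYHCA==
sASLoginSecret:: CQoLDA0=
sASLoginSecret:: DhAREhM=
sASLoginSecret:: FBUWFxg=

dn: cn=asmith,ou=users,o=example
cn: asmith
sASLoginConfigurationKey:: AQIDBA==
"""


def parse_ldif(text):
    """Parse LDIF into a list of {'dn': str, 'attrs': {name.lower(): [values]}}.
    Handles RFC 2849 line folding (continuation lines start with a space) and
    base64 values ('attr:: ...'), which is how binary NMAS attributes are printed."""
    logical = []
    for raw in text.splitlines():
        if raw.startswith(" ") and logical:
            logical[-1] += raw[1:]          # unfold continuation line
        else:
            logical.append(raw)
    entries, current = [], None
    for line in logical:
        if not line.strip():                # blank line ends an entry
            if current is not None:
                entries.append(current)
                current = None
            continue
        if line.startswith("#"):
            continue
        name, sep, rest = line.partition(":")
        if not sep:
            continue
        if rest.startswith(":"):            # base64-encoded value
            value = base64.b64decode(rest[1:].strip())
        else:
            value = rest.strip()
        if name.lower() == "dn":
            dn = value.decode("utf-8") if isinstance(value, bytes) else value
            current = {"dn": dn, "attrs": defaultdict(list)}
        elif current is not None:
            current["attrs"][name.lower()].append(value)
    if current is not None:
        entries.append(current)
    return entries


def server_offers_nmas(root_dse):
    """True if the rootDSE advertises the NMAS SASL mechanism."""
    return NMAS_SASL_MECH in root_dse["attrs"].get("supportedsaslmechanisms", [])


def user_state(entry):
    """Classify one user entry and return (state, per-attribute value counts)."""
    counts = {a: len(entry["attrs"].get(a.lower(), [])) for a in CR_ATTRS}
    if counts["sASLoginSecret"] > 0:
        state = "enrolled"
    elif counts["sASLoginConfigurationKey"] > 0:
        state = "not-enrolled"              # NMAS key present, no challenge answers stored
    else:
        state = "no-nmas-config"
    return state, counts


def readiness_report(ldif_text):
    """Per-user report: enrollment state, number of challenge values, and whether
    a challenge-response SASL bind (and therefore self-service reset) is possible."""
    entries = parse_ldif(ldif_text)
    root = next((e for e in entries if e["dn"] == ""), {"attrs": {}})
    nmas_ok = server_offers_nmas(root)
    report = {}
    for e in entries:
        if e["dn"] == "":
            continue
        state, counts = user_state(e)
        report[e["dn"]] = {
            "state": state,
            "challenge_values": counts["sASLoginSecret"],
            "can_self_service": nmas_ok and state == "enrolled",
        }
    return report


if __name__ == "__main__":
    for dn, info in readiness_report(SAMPLE_LDIF).items():
        print(dn, info)
```

The parser keeps the sASLoginSecret values as opaque bytes on purpose: the page states that each value carries a clear-text question alongside encrypted response text, but it does not document the internal layout, so the script only counts values and does not attempt to split them. Against a live directory, feed it the output of an ldapsearch for the rootDSE plus the user entry, run with the user's own bind rather than an administrative one, to confirm the reset path needs no elevated rights.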

