This page (revision-1) was last changed on 29-Nov-2024 16:16 by -jim

!!! Overview
[Novell Modular Authentication Service] ([{$pagename}]) is a component of Novell [eDirectory]™ that enables you to centrally manage multiple [Authentication Methods] across your network.
The [NMAS] [SDK] provides a set of tools to create an expanded set of [NMAS login methods|NDS Login Methods] to help you secure critical network [resources].
!! [{$pagename}] Functionality
[{$pagename}] is designed to help you protect information on your network. In addition to the Password Management tool, [{$pagename}] brings together different [Authentication Methods] to NetIQ [eDirectory] networks. This helps to ensure that the people accessing your network resources are who they say they are.
[{$pagename}] employs three different phases of operation during a user’s session on a workstation with respect to authentication devices. These phases are as follows:
* User [Identification] Phase (who are you?)
* [Authentication] (Login) Phase (prove who you say you are)
* [Device] Removal Detection Phase (are you still there?)
All three of these phases of operation are completely independent. [Authentication] [devices] can be used in each phase, but the same [device] need not be used each time.
! User Identification Phase
The User Identification Phase is the process of gathering the [username]. This phase also provides the [NDS Tree-name], the user’s [context], the server name, and the name of the [{$pagename}] sequence to be used during the [Authentication] phase. This [authentication] information can be obtained from an [authentication] device, or it can be entered manually by the user.
! Authentication (Login) Phase
[{$pagename}] uses three different approaches to logging in to the network, called [Authentication Factors]. These [Authentication Factors] describe different items or qualities a user can use to authenticate to the network:
* Password Authentication ([something You Know])
* Physical Device Authentication ([something You Have])
* Biometric Authentication ([something You Are])
! [Password] [Authentication]
[Passwords] ([something You Know]) are important methods for authenticating to networks. NMAS provides several password authentication options:
* [NDS Password]: The [NDS Password] is stored in a [hash] form that is non-reversible and only the NDS system can make use of this [password]. This option, by default, uses the [Universal Password] if enabled and set.
* [Simple Password]: The simple password allows administrators to import users and [passwords] ([plaintext] and [hashed|hash]) from foreign [LDAP] directories. This option, by default, uses the [Universal Password] if enabled and set.
* [DIGEST-MD5] [SASL]: [DIGEST-MD5] [SASL] provides the [IETF] standard [DIGEST-MD5] [SASL Mechanism], which validates a [password] [hashed|hash] with the [MD5] [algorithm] for use in an [LDAP] [SASL] [Bind Request]. This option, by default, uses the [Universal Password] if enabled and set.
* [Challenge-response|NovellS Challenge Response System]: [Challenge-response|NovellS Challenge Response System] provides a way for a user to [Authenticate] using one or more responses to pre-configured [nsimRandomQuestions] or [nsimRequiredQuestions].
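The DIGEST-MD5 option above, worked through as an added example (not code from this page or from the NMAS SDK): it computes the RFC 2831 response value and validates it the way a server must, by recomputing it from the stored password. The function names are hypothetical, and the sample fields are the example exchange printed in RFC 2831 (an IMAP service; an LDAP bind would carry an {{ldap/<host>}} digest-uri instead).

```python
import hashlib
import hmac


def _md5(data: bytes) -> bytes:
    return hashlib.md5(data).digest()


def digest_md5_response(username, realm, password, nonce, cnonce, nc,
                        digest_uri, qop="auth", rspauth=False):
    """Compute the RFC 2831 response-value (no authzid, qop=auth)."""
    # A1 = MD5(user:realm:password) as 16 raw bytes, then ":nonce:cnonce".
    secret = _md5(f"{username}:{realm}:{password}".encode("utf-8"))
    a1 = secret + f":{nonce}:{cnonce}".encode("utf-8")
    # A2 is "AUTHENTICATE:uri" for the client, ":uri" for the server's rspauth.
    a2 = ("" if rspauth else "AUTHENTICATE") + ":" + digest_uri
    ha1 = _md5(a1).hex()
    ha2 = _md5(a2.encode("utf-8")).hex()
    kd = f"{ha1}:{nonce}:{nc}:{cnonce}:{qop}:{ha2}"
    return _md5(kd.encode("utf-8")).hex()


def validate_bind(stored_password, fields):
    """Server side: recompute the response from the stored password."""
    expected = digest_md5_response(
        fields["username"], fields["realm"], stored_password,
        fields["nonce"], fields["cnonce"], fields["nc"], fields["digest-uri"])
    # Constant-time comparison avoids leaking how many characters matched.
    return hmac.compare_digest(expected, fields["response"].lower())


# Sample digest-response fields: the example exchange from RFC 2831,
# where the password is "secret".
SAMPLE = {
    "username": "chris",
    "realm": "elwood.innosoft.com",
    "nonce": "OA6MG9tEQGm2hh",
    "cnonce": "OA6MHXh6VqTrRk",
    "nc": "00000001",
    "digest-uri": "imap/elwood.innosoft.com",
    "response": "d388dad90d4bbd760a152321f2143af7",
}

if __name__ == "__main__":
    print("bind accepted:", validate_bind("secret", SAMPLE))
```

Validation requires the server to hold the cleartext password or the MD5 of {{user:realm:password}}, so a directory that stores only some other non-reversible hash cannot complete this exchange.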
[Universal Password] is a way to simplify the integration and management of different [password] and [authentication Methods] into a coherent network.
[Novell Secure Password Manager] provides methods for management of the [Universal Password].
!! [{$pagename}] Physical [Device] [Authentication]
[{$pagename}] developers and third-party [authentication] developers have written [authentication] modules for [NMAS] for several types of physical [devices] ([something You Have]):
NOTE: NMAS uses the word to refer to all physical device authentication methods ([smart Cards] with [certificates], [One-Time password] ([OTP]) [devices], [proximity Cards], etc.).
With [{$pagename}], a [Smart Card] can be used to establish an identity when authenticating to eDirectory.
NetIQ provides the NetIQ Enhanced Smart Card login method for the use of smart cards. The NetIQ Enhanced [Smart Card] [login method|Authentication Method] is provided as part of the [Identity Assurance Client]. For more information, see the NetIQ Enhanced Smart Card Method 3.0 Installation and Administration Guide.
[One-Time password] ([OTP]) device: An [OTP] device is a hand-held hardware device that generates a one-time password to [authenticate] its owner.
[{$pagename}] provides the pcProx login method, which supports [RFID] [proximity Cards]. The pcProx login method is provided as part of the NetIQ [SecureLogin] product.
!! [NMAS Result Codes]
[NMAS Result Codes]
!! NMAS Development Info
* [wiki:Novell Modular Authentication Service|http://developer.novell.com/wiki/index.php/Novell_Modular_Authentication_Service]
* [NMAS Sample Code|http://developer.novell.com/documentation/samplecode/nmas_sample/index.htm]
* [NDK: Novell Modular Authentication Services|http://developer.novell.com/documentation/nmas/index.html?page=/documentation/nmas/nmas_enu/data/bktitle.html]
* [com.novell.security.nmas.mgmt|http://developer.novell.com/documentation/nmas/nmas_enu/api/index.html]
* [NDS Login Methods]
* [Configuring GSSAPI With Edirectory|ConfiguringGSSAPIWithEdirectory]
* [LDAP Edirectory Passwords|LDAPEdirectoryPasswords]
!! Category
%%category [eDirectory]%%
!! More Information
There might be more information for this subject on one of the following:
[{ReferringPagesPlugin before='*' after='\n' }]