Overview#

Novell Modular Authentication Service (NMAS) is a component of Novell eDirectory™ that enables you to centrally manage multiple Authentication Methods across your network.

The NMAS SDK provides a set of tools to create an expanded set of NMAS login methods to help you secure critical network resources.

NMAS Functionality#

NMAS is designed to help you protect information on your network. In addition to the Password Management tool, NMAS brings together different Authentication Methods to NetIQ eDirectory networks. This helps to ensure that the people accessing your network resources are who they say they are.

NMAS employs three different phases of operation during a user’s session on a workstation with respect to authentication devices. These phases are as follows:

All three of these phases of operation are completely independent. Authentication devices can be used in each phase, but the same device need not be used each time.

User Identification Phase#

The User Identification Phase is the process of gathering the username. This phase also provides the NDS Tree-name, the user’s context, the server name, and the name of the NMAS sequence to be used during the Authentication phase. This authentication information can be obtained from an authentication device, or it can be entered manually by the user.

Authentication (Login) Phase#

NMAS uses three different approaches to logging in to the network, called Authentication Factors. These Authentication Factors describe different items or qualities a user can use to authenticate to the network:

Password Authentication#

Passwords (something you know) are important methods for authenticating to networks. NMAS provides several password authentication options:

Universal Password is a way to simplify the integration and management of different password and authentication methods into a coherent network.

Novell Secure Password Manager provides methods for management of the Universal Password.

NMAS Physical Device Authentication#

NMAS developers and third-party authentication developers have written authentication modules for NMAS for several types of physical devices (something you have):

NOTE: NMAS uses the word to refer to all physical device authentication methods (smart cards with certificates, one-time password (OTP) devices, proximity cards, etc.).

With NMAS, a smart card can be used to establish an identity when authenticating to eDirectory.

NetIQ provides the NetIQ Enhanced Smart Card login method for the use of smart cards. The NetIQ Enhanced Smart Card login method is provided as part of the Identity Assurance Client. For more information, see the NetIQ Enhanced Smart Card Method 3.0 Installation and Administration Guide.

One-time password (OTP) device: An OTP device is a hand-held hardware device that generates a one-time password to authenticate its owner.

NMAS provides the pcProx login method, which supports RFID proximity cards. The pcProx login method is provided as part of the NetIQ SecureLogin product.

NMAS Result Codes#

NMAS Result Codes

NMAS Development Info#


