NovellS Challenge Response

Content moved to: NovellS Challenge Response System

To understand how Novell's Challenge/Response works, we need to understand how NMAS functions, because the Password Self-Service uses the Universal Password and the NMAS Challenge/Response method.

All NMAS methods consist of a Login Server Module (LSM) that runs on the server where eDirectory is located, and a Login Client Module (LCM) that can be run from a number of different locations.

LCM's communicate with eDirectory via its corresponding LSM. The Challenge/Response LCM is written in Java so that it can be accessed by a servlet or a portlet. The Challenge/Response LSM accesses eDirectory and determines which set of challenges a user will have to answer. Then it determines whether the user will be authenticated to the LDAP server, based on the answers given. When you installed eDirectory, the NMAS Challenge/Response method was also installed.

References from

Where are the Challenge Questions Stored?#

That depends.

The questions are stored within the NsimChallengeSet entry that is associated to the NspmPasswordPolicy that is assigned to the user entry.

If the user has answered his challenges, then it is defined on the user entry, we believe, in the encrypted attribute sASLoginSecretKey. In addition the challenges are stored on the user entry within the SASLoginSecret along with the encrypted responses.

More Information#

There might be more information for this subject on one of the following: