Content moved to: NovellS Challenge Response System
To understand how Novell's Challenge/Response works, we need to understand how NMAS functions, because the Password Self-Service uses the Universal Password and the NMAS Challenge/Response method.
All NMAS methods consist of a Login Server Module (LSM) that runs on the server where eDirectory is located, and a Login Client Module (LCM) that can be run from a number of different locations.
LCM's communicate with eDirectory via its corresponding LSM. The Challenge/Response LCM is written in Java so that it can be accessed by a servlet or a portlet. The Challenge/Response LSM accesses eDirectory and determines which set of challenges a user will have to answer. Then it determines whether the user will be authenticated to the LDAP server, based on the answers given. When you installed eDirectory, the NMAS Challenge/Response method was also installed.
Where are the Challenge Questions Stored?#That depends.
If the user has answered his challenges, then it is defined on the user entry, we believe, in the encrypted attribute sASLoginSecretKey. In addition the challenges are stored on the user entry within the SASLoginSecret along with the encrypted responses.