!!! Overview 
[Novell Modular Authentication Service] ([{$pagename}]) is a component of Novell [eDirectory]™ that enables you to centrally manage multiple [Authentication Methods] across your network. 

The [NMAS] [SDK] provides a set of tools to create an expanded set of [NMAS login methods|NDS Login Methods] to help you secure critical network [resources].

!! [{$pagename}] Functionality
[{$pagename}] is designed to help you protect information on your network. In addition to the Password Management tool, [{$pagename}] brings together different [Authentication Methods] to NetIQ [eDirectory] networks. This helps to ensure that the people accessing your network resources are who they say they are.

[{$pagename}] employs three different phases of operation during a user’s session on a workstation with respect to authentication devices. These phases are as follows:
* User [Identification] Phase (who are you?)
* [Authentication] (Login) Phase (prove who you say you are)
* [Device] Removal Detection Phase (are you still there?)

All three of these phases of operation are completely independent. [Authentication] [devices] can be used in each phase, but the same [device] need not be used each time.

! User Identification Phase
The User Identification Phase is the process of gathering the [username]. Also provided in this phase are the [NDS Tree-name], the user’s [context], the server name, and the name of the [{$pagename}] sequence to be used during the [Authentication] phase. This [authentication] information can be obtained from an [authentication] device, or it can be entered manually by the user.

! Authentication (Login) Phase
[{$pagename}] uses three different approaches to logging in to the network, called [Authentication Factors]. These [Authentication Factors] describe different items or qualities a user can use to authenticate to the network:
* Password Authentication ([something You Know])
* Physical Device Authentication ([something You Have])
* Biometric Authentication ([something You Are])

! [Password] [Authentication]
[Passwords] ([something You Know]) are important methods for authenticating to networks. NMAS provides several password authentication options:
* [NDS Password]: The [NDS Password] is stored in a [hash] form that is non-reversible and only the NDS system can make use of this [password]. This option, by default, uses the [Universal Password] if enabled and set.
* [Simple Password]: The simple password allows administrators to import users and [passwords] ([plaintext] and [hashed|hash]) from foreign [LDAP] directories. This option, by default, uses the [Universal Password] if enabled and set.
* [DIGEST-MD5] [SASL]: [DIGEST-MD5] [SASL] provides the [IETF] standard [DIGEST-MD5] [SASL Mechanism], which validates a [password] [hashed|hash] with the [MD5] [algorithm] for use in an [LDAP] [SASL] [Bind Request]. This option, by default, uses the [Universal Password] if enabled and set.
* [Challenge-response|NovellS Challenge Response System]: [Challenge-response|NovellS Challenge Response System] provides a way for a user to [Authenticate] using one or more responses to pre-configured [nsimRandomQuestions] or [nsimRequiredQuestions].
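
How the DIGEST-MD5 option above lets a server validate a password that never crosses the wire, as an added example that is not part of the original page or of any Novell/NetIQ code. It follows the RFC 2831 response computation for the initial qop=auth exchange only; the names {{user_secret}}, {{response}}, {{Verifier}} and every sample value are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets


def _md5(data: bytes) -> bytes:
    return hashlib.md5(data).digest()


def user_secret(username: str, realm: str, password: str) -> bytes:
    """H(username:realm:password): the value the verifier must be able to derive."""
    return _md5(f"{username}:{realm}:{password}".encode())


def response(secret: bytes, nonce: str, cnonce: str, nc: str, digest_uri: str) -> str:
    """RFC 2831 response-value for qop=auth, no authzid."""
    a1 = secret + f":{nonce}:{cnonce}".encode()  # raw 16-byte hash, then text
    a2 = f"AUTHENTICATE:{digest_uri}".encode()
    kd = f"{_md5(a1).hex()}:{nonce}:{nc}:{cnonce}:auth:{_md5(a2).hex()}"
    return _md5(kd.encode()).hex()


class Verifier:
    """Server side: issues nonces and accepts each one at most once."""

    def __init__(self, secrets_by_user: dict):
        self.secrets_by_user = secrets_by_user
        self.open_nonces = set()

    def challenge(self) -> str:
        nonce = secrets.token_hex(16)
        self.open_nonces.add(nonce)
        return nonce

    def verify(self, username, nonce, cnonce, nc, digest_uri, client_response) -> bool:
        if nonce not in self.open_nonces or nc != "00000001":
            return False  # unknown or already consumed nonce: a replayed response
        self.open_nonces.discard(nonce)
        secret = self.secrets_by_user.get(username)
        if secret is None:
            return False
        expected = response(secret, nonce, cnonce, nc, digest_uri)
        return hmac.compare_digest(expected, client_response)


# Constructed sample values; none come from the page or from a real directory.
REALM, URI = "example.com", "ldap/ldap.example.com"
SERVER = Verifier({"jdoe": user_secret("jdoe", REALM, "correct horse")})
```

The verifier can only recompute the response from the password itself or from H(username:realm:password); a password stored under some other one-way hash cannot be used for this mechanism. RFC 6331 moved DIGEST-MD5 to Historic status.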

[Universal Password] is a way to simplify the integration and management of different [password] and [authentication Methods] into a coherent network. 

[Novell Secure Password Manager] provides methods for managing the [Universal Password].

!! [{$pagename}] Physical [Device] [Authentication]
[{$pagename}] developers and third-party [authentication] developers have written [authentication] modules for [NMAS] for several types of physical [devices] ([something You Have]):

NOTE: NMAS uses the word to refer to all physical device authentication methods ([smart Cards] with [certificates], [One-Time password] ([OTP]) [devices], [proximity Cards], etc.).

With [{$pagename}], a [Smart Card] can be used to establish an identity when authenticating to eDirectory.

NetIQ provides the NetIQ Enhanced Smart Card login method for the use of smart cards. The NetIQ Enhanced [Smart Card] [login method|Authentication Method] is provided as part of the [Identity Assurance Client]. For more information, see the NetIQ Enhanced Smart Card Method 3.0 Installation and Administration Guide.

[One-Time password] ([OTP]) device: An [OTP] device is a hand-held hardware device that generates a one-time password to [authenticate] its owner.

[{$pagename}] provides the pcProx login method, which supports [RFID] [proximity Cards]. The pcProx login method is provided as part of the NetIQ [SecureLogin] product.


!! [NMAS Result Codes]
[NMAS Result Codes]

!! NMAS Development Info
* [wiki:Novell Modular Authentication Service|http://developer.novell.com/wiki/index.php/Novell_Modular_Authentication_Service]
* [NMAS Sample Code|http://developer.novell.com/documentation/samplecode/nmas_sample/index.htm]
* [NDK: Novell Modular Authentication Services|http://developer.novell.com/documentation/nmas/index.html?page=/documentation/nmas/nmas_enu/data/bktitle.html]
* [com.novell.security.nmas.mgmt|http://developer.novell.com/documentation/nmas/nmas_enu/api/index.html]
* [NDS Login Methods]
* [Configuring GSSAPI With Edirectory|ConfiguringGSSAPIWithEdirectory]
* [LDAP Edirectory Passwords|LDAPEdirectoryPasswords]

!! Category
%%category [eDirectory]%%

!! More Information
There might be more information for this subject on one of the following:
[{ReferringPagesPlugin before='*' after='\n' }]