Avoiding "Double Authentication" with Active Directory

Novell Cool Solutions: Tip

Reader Rating from 1 ratings

Digg This - Slashdot This

Posted: 23 Apr 2003

Here's a tip that comes in handy if you have SecureLogin on eDir, but the primary authentication is against AD. Normally you will need to re-enter your credential in NSL.

At this time, it is possible for the LDAP client to remember a user's LDAP Logon credentials in the registry so a user isn't prompted for their LDAP logon to SecureLogin every time.

User Logs on to ADS
User starts SecureLogin for the first time.
They are asked for their Username and Password for LDAP
Switch the registry setting to remember the LDAP logon credentials.

HKLocalMachine\Software\Protocom\SecureLogin\CacheLDAPCredentials
DWORD=1

HKCurrentUser\Software\Protocom\SecureLogin\CacheLDAPCredentials
DWORD=1

As usual HKCU overrides HKLM.

They enter their username (including context) and password.
SecureLogin stores their credentials, in an encrypted format, in the registry for the user.
Every time they logon after that, it will use start automatically and not prompt a second time for their username and password.

A current limitation of this solution is that there is no contextless logon, so a user must know their context. With contextless logon, the system will search the network for the username and automatically populate the user's context so a user only needs to remember MMoehn rather than MMoehn.Zurich.Protocom for example.

Reader Comments

SecureLogin (v3.0) can integrate to Active Directory - without eDirectory. If you primary Auth. is against AD I would install SecureLogin with AD integration instead of LDAP.

Like what you see?
Sign up for our weekly newsletter.

Want to contribute?
It could earn you a nano! Learn more.

Like Wikis?
Join the Cool Solutions Wiki.

Interested?
Request a sales call

Novell Cool Solutions (corporate web communities) are produced by WebWise Solutions. www.webwiseone.com