2.0 Tasks

Novell SecretStore leverages Novell eDirectory and Novell International Cryptographic Infrastructure (NICI) to securely store and retrieve user authentication information. The SecretStore client application makes read and write calls to SecretStore services on the server, which processes and executes the requests. User secrets (such as the username and password) are encrypted by SecretStore using NICI encryption and stored as eDirectory hidden attributes.

All requests between the client and server use the authenticated credentials established at login. SecretStore's secure NCP uses NICI ephemeral session keys to guarantee the confidentiality and integrity of user data on the wire.

Figure 2-1 NCP92 Single Sign-on Using SecretStore

The diagram above shows the basic steps of an NCP92 single sign-on session with SecretStore:

  1. The SecretStore-enabled application client requests authentication secrets from the server.

  2. The request is sent to SecretStore on the server over the encrypted channel.

  3. SecretStore receives the request and retrieves the data from eDirectory.

  4. SecretStore decrypts the secret data and sends back the data to the SecretStore client over the same secure connection.

NOTE: LDAP-based access to SecretStore establishes an SSL-based connection to the target server after a successful bind and does not use NICI for wire encryption.