4.0 Using Graded Authentication

The graded authentication feature of NMAS™ allows you to control users' access to network resources based on the login methods used to log in to the network. This means that you can set access rights to NetWare® volumes and any attribute in Novell ®eDirectory™ based on how users log in.

NOTE:Graded authentication is only available on NetWare.

Graded authentication is based on the relationship between a user and an object, where an object is a network volume or eDirectory attribute. Graded authentication uses the same NMAS login factors (password, physical device, and biometric authentication) and security grades to establish the user object relationship and to determine the grade or level of authentication.

To set up graded authentication, you need to do the following:

  1. Understand the graded authentication rules.

  2. Set up and assign security labels to volumes and eDirectory attributes.

  3. Assign clearances for each user who is logging in to the network using NMAS. By default, all users have a clearance.

The following topics provide information on setting up graded authentication:

An example of graded authentication is located at the end of this chapter.