6.2 Using the LoginInfo Command

With NMAS 3.2 or later, you can turn off the automatic updating of certain user object login attributes by using the LoginInfo <numb> command. You might want to do this if automatically updating attributes causes problems. The following sections further explain this functionality:

6.2.1 NMAS Login for LDAP Bind

In order to make your passwords case-sensitive, you must enable NMAS login for LDAP Bind. For information on how to do this, see How to Make Your Password Case-Sensitive in theNovell eDirectory 8.8 What.

When NMAS login is enabled for LDAP Bind, eDirectory automatically updates user object login attributes after the user has authenticated. Following is a non-exhaustive list of login attributes that are updated:

  • Login Time

  • Network Address

  • Last Login Time

6.2.2 Problems Caused by Automatically Updating User Object Login Attributes

The automatic updating of user object login attributes can produce the following problems:

  • High utilization

  • Unresponsiveness

  • Client time-outs seen on busy authentication servers, especially in LDAP environments

If you are experiencing these problems, you might want to regulate when the login attributes are updated. For information on how to do this, see Section 6.2.3, Using the LoginInfo Command to Control When Attributes are Updated.

6.2.3 Using the LoginInfo Command to Control When Attributes are Updated

To control when login attributes are updated, execute the nmas LoginInfo <num> command.

The value for <num> is as follows:

  • 0 or off: Do not update any login attributes.

  • 1: Only update attributes that are required by intruder detection.

  • 2: Update all login attributes except unused user password policy attributes.

  • 3 or on: Update all login attributes.

For information on how to invoke the LoginInfo command for each NMAS Server platform, see Section 6.3, Invoking NMAS Commands.