NMAS relies on storing global policies to the eDirectory tree, which is effectively the security domain. The security policies must be available to all servers in the tree.
NMAS places the authentication policies and login method configuration data in the Security container that is created off the [Root] partition. This information must be readily accessible to all servers that are enabled for NMAS. The purpose of the Security container is to hold global policies that relate to security properties such as login, authentication, and key management.
eDirectory 8.8 provides security container caching. This feature caches the security container data on local servers so NMAS doesn’t need to access the Security container with every attempted login. See the eDirectory 8.8 Administration Guide for more information.
With NMAS and eDirectory 8.7.x, we recommend that you create the Security container as a separate partition and that the container be widely replicated. This partition should be replicated as a Read/Write partition only on those servers in your tree that are highly trusted.
WARNING:Because the Security container contains global policies, be careful where writable replicas are placed, because these servers can modify the overall security policies specified in the eDirectory tree. In order for users to log in with NMAS, replicas of the User objects and security container must be on the NMAS server.
For additional information, see Novell TID3393169.