Server and Workstation Components

This topic describes SecretStore components for servers and workstations.


Server Components


For NetWare Servers

sssi.nlm: The Novell SecretStore installation NetWare Loadable Module™ (NLM). Sssi.nlm extends the eDirectory schema, installs the Novell SecretStore server and its plug-ins (sss.nlm, ssldp.nlm, and ssncp.nlm), configures the eDirectory LDAP server to enable SecretStore extensions, and initializes or validates the Security Domain Infrastructure (SDI) on NetWare®.

You use nwconfig.nlm to load sssi.nlm.

NOTE: On UNIX, the ss_install script is the equivalent of sssi.nlm. Windows Server* has its own complete GUI install.

sss.nlm: The Novell SecretStore service.

SecretStore provides a secure infrastructure for storing and retrieving secrets and credentials in eDirectory. SecretStore uses NICI and SDI to safely and securely store a user's secrets.

Novell SecureLogin, Novell Portal Services, and Novell iChain® all provide single sign-on functionality to applications that use SecretStore.

Upon a successful authentication of the user to an application, the SecretStore-enabled application stores the application's login credential in SecretStore. From then on, when the user logs in to eDirectory and launches the application, the single sign-on client retrieves the application password from SecretStore, provides it to the application or Web site in the background, and authenticates the user.

ssldp.nlm: The SecretStore LDAP transport plug-in.

ssncp.nlm: The SecretStore NCP™ transport plug-in.

lsss.nlm: The LDAP SecretStore extension manager. Enables applications to use the Lightweight Directory Access Protocol (LDAP) to store secrets.


For Linux, Solaris, or AIX Servers

libsss.so: The SecretStore service.

libssldp.so: The SecretStore LDAP transport plug-in.

libssncp.so: The SecretStore NCP transport plug-in.

liblsss.so: The LDAP SecretStore extension manager.


For HP-UX Servers

libsss.sl: The SecretStore service.

libssldp.sl: The SecretStore LDAP transport plug-in.

libssncp.sl: The SecretStore NCP transport plug-in.

liblsss.sl: The LDAP SecretStore extension manager.


For Windows Servers

sss.dlm: The SecretStore service.

ssldp.dlm: The SecretStore LDAP transport plug-in for Windows.

ssncp.dlm: The SecretStore NCP transport plug-in for Windows.

lsss.dll: The LDAP SecretStore extension manager.

For more information on SecretStore, see the following:


Workstation Components

For the SecretStore 3.3.3 service release, the SecretStore client requires the following components:

NICI client: Enables the SecretStore client to encrypt all traffic between SecretStore, the SecretStore client, the Novell Modular Authentication Services (NMAS™) client, and application connectors.

NMAS client: Enables single sign-on users (online or offline) to authenticate to eDirectory.

The NMAS client can confirm authentication during the following situations:

SecretStore client: Provides the mechanism to access the SecretStore service and ensure secure transmission of secrets to and from eDirectory.

The SecretStore client collects secrets (for example, usernames and passwords), recognizes an application credential or password field, and helps to authenticate users by passing the credentials to the application.

The SecureLogin client enables anyone to use applications without repeatedly entering passwords. A user can be logged in to or disconnected from a network.

NOTE: The NCP protocol is supported only on the Windows client platform.

SecretStore snap-in to ConsoleOne (sssnapin.exe): Enables administrators or users to create, configure, and administer SecretStore components.

Novell eDirectory automatically installs ConsoleOne® on a server. However, to use ConsoleOne, you install the SecretStore snap-in to ConsoleOne on a client workstation (or to a directory on a server) and run ConsoleOne from a workstation.

The SecretStore installation program installs the snap-in. You can run the ConsoleOne snap-in on your workstation provided you have also installed the NICI component.

SecretStore Manager: Enables users to perform basic maintenance tasks on their SecretStore.

SecretStore Manager protects secrets by requiring NMAS authentication before a user can view secrets.

Although SecretStore Manager is not intended as the primary interface to SecretStore, it helps users manage SecretStore secrets.

The following figure illustrates SecretStore Manager:

[Figure: SecretStore Manager]

SecretStore Status: Enables users to set their master passwords, unlock SecretStore, switch between eDirectory trees, or switch between eDirectory usernames associated with different trees or servers.

SecretStore Status is a light version of SecretStore Manager. The following figure illustrates SecretStore Status:

[Figure: SecretStore Status]