Server and Workstation Components
This topic describes SecretStore components for servers and workstations.
Server Components
For NetWare Servers
| File | Description |
| --- | --- |
| sssi.nlm | The Novell SecretStore installation NetWare Loadable Module (NLM). Sssi.nlm extends the eDirectory schema, installs the Novell SecretStore server and its plugins (sss.nlm, ssldp.nlm, and ssncp.nlm), configures the eDirectory LDAP server to enable SecretStore extensions, and initializes or validates the Security Domain Infrastructure (SDI) on NetWare®. You use nwconfig.nlm to load sssi.nlm. NOTE: On UNIX, the ss_install script is the equivalent of sssi.nlm. Windows Server has its own complete GUI install. |
| sss.nlm | The Novell SecretStore service. SecretStore provides a secure infrastructure for storing and retrieving secrets and credentials in eDirectory. SecretStore uses NICI and SDI to safely and securely store a user's secrets. Novell SecureLogin, Novell Portal Services, and Novell iChain® all provide single sign-on functionality to applications that use SecretStore. Upon a successful authentication of the user to an application, the SecretStore-enabled application stores the application's login credential in SecretStore. From then on, when the user logs in to eDirectory and launches the application, the single sign-on client retrieves the application password from SecretStore, provides it to the application or Web site in the background, and authenticates the user. |
| ssldp.nlm | The SecretStore LDAP transport plug-in. |
| sssncp.nlm | The SecretStore NCP transport plug-in. |
| lsss.nlm | The LDAP SecretStore extension manager. Enables applications to use the Lightweight Directory Access Protocol (LDAP) to store secrets. |
For Linux, Solaris, or AIX Servers
| File | Description |
| --- | --- |
| libsss.so | The SecretStore service. |
| libssldp.so | The SecretStore LDAP transport plug-in. |
| libssncp.so | The SecretStore NCP transport plug-in. |
| liblsss.so | The LDAP SecretStore extension manager. |
For HP-UX Servers
| File | Description |
| --- | --- |
| libsss.sl | The SecretStore service. |
| libssldp.sl | The SecretStore LDAP transport plug-in. |
| libssncp.sl | The SecretStore NCP transport plug-in. |
| liblsss.sl | The LDAP SecretStore extension manager. |
For Windows Servers
| File | Description |
| --- | --- |
| sss.dlm | The SecretStore service. |
| ssldp.dlm | The SecretStore LDAP transport plug-in for Windows. |
| ssncp.dlm | The SecretStore NCP transport plug-in for Windows. |
| lsss.dll | The LDAP SecretStore extension manager. |
For more information on SecretStore, see the following:
Workstation Components
For the SecretStore 3.3.3 service release, the SecretStore client requires the following components:
NICI client: Enables the SecretStore client to provide all the encrypted traffic between SecretStore, the SecretStore client, the Novell Modular Authentication Services (NMAS) client, and application connectors.
NMAS client: Enables single sign-on users (online or offline) to authenticate to eDirectory.
The NMAS client can confirm authentication during the following situations:
- You are not logged in to eDirectory.
- You are logged in to an eDirectory tree that is different from the one that the single sign-on client synchronizes with.
- A default timeout has occurred.
SecretStore client: Provides the mechanism to access the SecretStore service and ensure secure transmission of secrets to and from eDirectory.
The SecretStore client collects secrets (for example, usernames and passwords), recognizes an application credential or password field, and helps to authenticate users by passing the credentials to the application.
The SecureLogin client enables anyone to use applications without repeatedly entering passwords. A user can be logged in to or disconnected from a network.
NOTE: The NCP protocol is supported only on the Windows client platform.
SecretStore snap-in to ConsoleOne (sssnapin.exe): Enables administrators or users to create, configure, and administer SecretStore components.
Novell eDirectory automatically installs ConsoleOne® on a server. However, to use ConsoleOne, you install the SecretStore snap-in to ConsoleOne on a client workstation (or to a directory on a server) and run ConsoleOne from a workstation.
The SecretStore installation program installs the snap-in. You can run the ConsoleOne snap-in on your workstation provided you have also installed the NICI component.
SecretStore Manager: Enables users to perform basic maintenance tasks on their SecretStore.
SecretStore Manager protects secrets by requiring NMAS authentication before a user can view secrets.
Although SecretStore Manager is not intended as the primary interface to SecretStore, it helps users manage SecretStore secrets.
The following figure illustrates SecretStore Manager:
SecretStore Status: Enables users to set their master passwords, unlock SecretStore, switch between eDirectory trees, or switch between eDirectory usernames associated with different trees or servers.
SecretStore Status is a light version of SecretStore Manager. The following figure illustrates SecretStore Status: