Setting Up a Passphrase Question and Answer

When you use SecureLogin, information for logging in to applications is collected and saved to one or more data stores. This information is used to provide single sign-on to those applications in the future. Depending upon the installation options that you have chosen, login data is stored in the following areas:

• An encrypted cache file on your workstation
• Encrypted attributes on your User object in eDirectory
• Your SecretStore in eDirectory

As an enhanced security feature, SecureLogin detects administrative NDS or eDirectory password changes so that no one else can gain access to your login data stores.

When first run, SecureLogin prompts you for a passphrase question and answer. This information helps you access your login data in the following situations:

• You aren't authenticated to NDS or eDirectory.
• The network connection is lost.
• You are using a laptop computer and are out of contact with the network
• You forget your NDS password and have it reset for you.
• Your credential store was locked when an administrator inappropriately reset your NDS password.

Choose passphrase information that you'll be able to recall months or years from now.

NOTE:   For a passphrase to display properly on multi-byte platforms (for example, Japanese and Chinese), users must use single-byte characters when entering a passphrase.

The following figure illustrates the dialog box that collects your passphrase question and a passphrase password:

After the passphrase information is entered, you won't see this screen again unless you use the Change Passphrase option to reset your password or log in to eDirectory as a different user.

When using SecretStore, a specially-designated administrator might unlock your directory-based data stores on your behalf. Therefore, don't be surprised if a call to the help desk to have your eDirectory password reset doesn't result in a passphrase answer prompt when you next login. This feature is only available when using SecretStore and the SecretStore Administrator feature. (For more information, see Setting Up a SecretStore Administrator Novell SecretStore Administration Guide.)

Disabling the Local Cache

Your local login data can be stored for offline access in encrypted files on your workstation. These cache files are located in the program files\novell\securelogin\cache directory. The files are triple Data Encryption Standard (3DES) encrypted.

If you forget the cache passphrase answer password and are not able to log in using your eDirectory password, you will have to delete and recreate the cache files. SecureLogin automatically recreates cache files, provided you are authenticated to the network.

To turn off caching functionality:

1. At the SecureLogin main screen, select Change Settings.

2. Uncheck the Enable File Cache check box, then click OK.

   The following figure illustrates this check box: