AAVerify

Item Description

Use with:

Startup scripts, Terminal Launcher, Web, Windows

SecureLogin Version:

All (Arguments were added in version 3.0.)

Type:

Action

Usage:

AAVerify -Method NMAS sequence -User User object -Tree Tree name [?Result]

Arguments:

Method

The Novell® Modular Authentication Services (NMAS™) login method that you want to use. If you don't specify a method or login sequence, AAVerify uses the method that was chosen during initial authentication to the directory.

User

The DN of the user that you want to use for the AAVerify command. If you don't specify a username, AAVerify re-authenticates the currently logged-in user.

Tree

The user's NDS® or eDirectory™ tree name. This argument must be used with the -User argument.

[?Result]

An optional variable (preferably a temporary variable) that receives the result of the AAVerify command. The variable is set to either True for success or False for failure.

Description:

Used with SecureLogin Advanced Authentication or NMAS to verify the user, typically before the application Username and Password are retrieved and entered into the login box. AAVerify provides reauthentication to an application, using a strong login method. AAVerify is extremely secure.

For example, a user can be forced to enter a smart card and PIN before the application will log in via single sign-on, even though the application natively knows nothing about smart cards and PINs. If the verification succeeds, the [?Result] is set to True. Otherwise, it is set to False.

If NMAS is not installed on the workstation, the script sends an error, or an error is returned via [?Result].

To enable AAVerify with NMAS, make sure that nmas.dll is in the PATH. Also make sure that the NMAS client and specified login sequence are installed and properly configured. For details, see Novell Modular Authentication Services.

NMAS Specific: If AAVerify is called with no arguments, the currently logged-in user is re-authenticated by using the login method used for the current login.

AA Specific: When AAVerify is called in an AA environment, the -method parameter must be present. The method must be one of the following:

  • Any
  • Biometric
  • Smart card
  • Token
  • Password
  • Passphrase
  • Directory password
  • SecureID

If you specify more than one -method argument, you can re-authenticate with any of the specified methods. For example, the command could be used to request authentication using a fingerprint device or a smart card.

IMPORTANT:  When the AAVerify command is added to a script, AAVerify increases the security of the target application only if the script can't be altered. If the script can be modified or overwritten, the AAVerify command can be removed, thereby removing the additional security.

Therefore, restrict access to scripts through directory ACLs and SecureLogin settings. With such restrictions in place, only a small, trusted group of administrators can modify, add, or override scripts.

Syntax Examples:

AAVerify
AAVerify -Method "Enhanced Password" ?Result
AAVerify -Method "Enhanced Password" -User "mkurz" -Tree "Production" ?Result

Example:
Windows Script

The login dialog box is detected. However, before SecureLogin enters the user's credentials, it prompts the user to provide Advanced Authentication credentials (for example, a smart card and PIN, biometric device, or token).

# Login Dialog Box 
Dialog
Title "Login"
Ctrl #32770
EndDialog

AAVerify -Method "Enhanced Password" ?Result
If ?Result Eq "True"
Type $Username #1001
Type $Password #1002
Click #1
Else
Messagebox "Authentication failed. Verify that your smart card is inserted and that your PIN is correct. IT x453"
EndIf
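
The IMPORTANT note above says the protection disappears if the AAVerify line is removed from a script. The following audit check is an added example, not part of the SecureLogin documentation or product: it reports every Type $Username or Type $Password line that is not inside the True branch of an If testing an AAVerify result, as in the Windows script above. It assumes only the constructs shown on this page plus the Set command, and it is deliberately conservative, so any other gating pattern is reported for manual review.

```python
import re

AAVERIFY = re.compile(r'^AAVerify\b.*?(\?\w+)\s*$', re.I)
IF_TRUE = re.compile(r'^If\s+(\?\w+)\s+Eq\s+"True"\s*$', re.I)
TYPE_CRED = re.compile(r'^Type\s+\$(Username|Password)\b', re.I)

def ungated_credentials(script):
    """Return (line_no, text) for every Type $Username/$Password that is not
    inside the True branch of an If that tests an AAVerify result variable."""
    verified = set()   # variables that currently hold an AAVerify result
    stack = []         # one flag per open If: is the current branch gated?
    findings = []
    for no, raw in enumerate(script.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):        # blank line or comment
            continue
        words = line.split()
        word = words[0].lower()
        m = AAVERIFY.match(line)
        if m:
            verified.add(m.group(1).lower())
        elif word == "set" and len(words) > 1:       # variable overwritten
            verified.discard(words[1].lower())
        elif word == "if":
            t = IF_TRUE.match(line)
            stack.append(bool(t) and t.group(1).lower() in verified)
        elif word == "else" and stack:
            stack[-1] = False                        # Else branch = failure path
        elif word == "endif" and stack:
            stack.pop()
        elif TYPE_CRED.match(line) and not any(stack):
            findings.append((no, line))
    return findings

# The page's Windows script (dialog block omitted), then a constructed copy
# with the AAVerify line deleted, as the IMPORTANT note describes.
GATED = '''AAVerify -Method "Enhanced Password" ?Result
If ?Result Eq "True"
Type $Username #1001
Type $Password #1002
Click #1
Else
Messagebox "Authentication failed."
EndIf'''
TAMPERED = "\n".join(GATED.splitlines()[1:])

if __name__ == "__main__":
    for name, text in (("gated", GATED), ("tampered", TAMPERED)):
        print(name, ungated_credentials(text))
```

Run it over exported scripts after each change window; an empty list means every credential entry is still behind the AAVerify check.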