B.1 Introduction
SecureLogin introduces six schema attributes to the Directory.
The attributes are added during installation using the appropriate
schema extension tool, depending on your choice of Directory for SecureLogin
data storage. In Novell® eDirectory™ environments, ndsschema.exe is
used, and in Active Directory environments, adsschema.exe is
used.
These attributes are required for the encryption and storage
of SecureLogin data against directory objects such as user objects
and organizational units. The following descriptions include
the type of data stored for each attribute and the security rights
required to permit the data to be saved for the SecureLogin client.
B.1.1 Protocom-SSO-Auth-Data
This attribute contains all user-specific authentication data,
such as the passphrase.
Table B-1 Authentication data
Attribute Name | Protocom-SSO-Auth-Data |
Classes assigned to | User |
Syntax | Octet String |
Optional Flags | Synchronize |
X.500 OID | 1.2.840.113556.1.8000.60.2 |
B.1.2 Protocom-SSO-Entries
This attribute contains the following:
- All the user's login credentials, including passwords.
- Specific preferences and application definitions at the user object.
- Corporate application definitions and preferences at the container and organizational unit objects.
Table B-2 Entries
Attribute Name | Protocom-SSO-Entries |
Classes assigned to | Container, Organizational Unit, User |
Syntax | Octet String |
Optional Flags | Synchronize |
X.500 OID | 1.2.840.113556.1.8000.60.1 |
B.1.3 Protocom-SSO-Entries-Checksum
This attribute stores a checksum so that the SSO client can
easily determine whether a complete reload of SSO adapter information
is required.
Table B-3 Entries Checksum
Attribute Name | Protocom-SSO-Entries-Checksum |
Classes assigned to | Container, Organizational Unit, User |
Syntax | Octet String |
Optional Flags | Synchronize |
X.500 OID | 1.2.840.113556.1.8000.60.5 |
B.1.4 Protocom-SSO-Profile
This attribute stores the address of the organizational unit
to be redirected to.
Table B-4 Profile
Attribute Name | Protocom-SSO-Profile |
Classes assigned to | Container, Organizational Unit, User |
Syntax | Distinguished Name |
Optional Flags | Synchronize |
X.500 OID | 1.2.840.113556.1.8000.60.7 |
B.1.5 Protocom-SSO-Security-Prefs
This attribute stores data required for advanced passphrase
policies. This data includes administrator-set passphrase questions,
passphrase help information, and settings.
Table B-5 Security Preferences
Attribute Name | Protocom-SSO-Security-Prefs |
Classes assigned to | Container, Organizational Unit, User |
Syntax | Octet String |
Optional Flags | Synchronize |
X.500 OID | 1.2.840.113556.1.8000.60.3 |
B.1.6 Protocom-SSO-Security-Prefs-Checksum
A checksum used to optimize reading of the Security Preferences
attribute.
Table B-6 Security Preferences Checksum
Attribute Name | Protocom-SSO-Security-Prefs-Checksum |
Classes assigned to | Container, Organizational Unit, User |
Syntax | Octet String |
Optional Flags | Synchronize |
X.500 OID | 1.2.840.113556.1.8000.60.6 |
B.1.7 Security Rights Assignments
This section contains the following information:
User-Based Attributes
The directory user objects for people using the SecureLogin
software require the following attribute rights against their own
objects:
Table B-7 User-Based Attributes
Protocom-SSO-Auth-Data | Read/Write |
Protocom-SSO-Entries | Read/Write |
Protocom-SSO-Entries-Checksum | Read/Write |
Protocom-SSO-Profile | Read/Write |
Protocom-SSO-Security-Prefs | Read/Write |
Protocom-SSO-Security-Prefs-Checksum | Read/Write |
Container-Based Attributes
In addition, users require the following directory attribute
rights against all container objects:
Table B-8 Container-based Attributes
Protocom-SSO-Entries | Read |
Protocom-SSO-Entries-Checksum | Read |
Protocom-SSO-Profile | Read |
Protocom-SSO-Security-Prefs | Read |
Protocom-SSO-Security-Prefs-Checksum | Read |
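The following Python audit is an added example, not part of the SecureLogin product or its documentation: it compares the rights granted to users against Tables B-7 and B-8 and reports any right that is missing or that goes beyond the documented requirement. The `scope;attribute;codes` export format, the `self` and `container` scope labels, and the function names are assumptions made for illustration.

```python
# Rights matrix transcribed from Tables B-7 and B-8 on this page.
PREFIX = "Protocom-SSO-"
CONTAINER_ATTRS = ["Entries", "Entries-Checksum", "Profile",
                   "Security-Prefs", "Security-Prefs-Checksum"]
REQUIRED = {
    # Table B-7: what each user needs on their own user object.
    "self": {PREFIX + a: {"read", "write"} for a in ["Auth-Data"] + CONTAINER_ATTRS},
    # Table B-8: what each user needs on container objects.
    "container": {PREFIX + a: {"read"} for a in CONTAINER_ATTRS},
}
RIGHT_CODES = {"R": "read", "W": "write"}

def parse_grants(lines):
    """Parse 'scope;attribute;codes' lines (hypothetical export format)."""
    grants = {}
    for line in filter(None, map(str.strip, lines)):
        scope, attr, codes = (field.strip() for field in line.split(";"))
        rights = {RIGHT_CODES[c] for c in codes.upper()}
        grants.setdefault((scope, attr), set()).update(rights)
    return grants

def audit(grants):
    """Return sorted (kind, scope, attribute, rights) findings."""
    findings = []
    for scope, table in REQUIRED.items():
        for attr, need in table.items():
            missing = need - grants.get((scope, attr), set())
            if missing:
                findings.append(("missing", scope, attr, tuple(sorted(missing))))
    for (scope, attr), have in grants.items():
        excess = have - REQUIRED.get(scope, {}).get(attr, set())
        if excess:
            findings.append(("excess", scope, attr, tuple(sorted(excess))))
    return sorted(findings)

# Constructed sample export, not taken from a real directory.
SAMPLE = """
self;Protocom-SSO-Auth-Data;RW
self;Protocom-SSO-Entries;RW
self;Protocom-SSO-Entries-Checksum;RW
self;Protocom-SSO-Profile;RW
self;Protocom-SSO-Security-Prefs;RW
self;Protocom-SSO-Security-Prefs-Checksum;RW
container;Protocom-SSO-Auth-Data;R
container;Protocom-SSO-Entries;RW
container;Protocom-SSO-Entries-Checksum;R
container;Protocom-SSO-Security-Prefs;R
container;Protocom-SSO-Security-Prefs-Checksum;R
"""
print(*audit(parse_grants(SAMPLE.splitlines())), sep="\n")
```

On the constructed sample, the audit reports the container-level write on Protocom-SSO-Entries and the container-level read on Protocom-SSO-Auth-Data as beyond Table B-8, and the absent read on Protocom-SSO-Profile as missing.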