Novell is now a part of Micro Focus

My Favorites


Please to see your favorites.

SecureLogin returns PIN instead of Universal Password

This document (7011524) is provided subject to the disclaimer at the end of this document.


NetIQ SecureLogin
Novell Enhanced Smart Card Method


SecureLogin does not provide the network password for NESCM users.
When a user log in with a smart card ?Syspassword shows the PIN instead of the Universal Password.
Log files shows the API NMAS_C32PwdStatus fail and return "NMAS_E_ACCESS_NOT_ALLOWED"
Problem only occurs if  "Allow user to initiate password change" is disabled in password policy settings.


1. Verify that universal password has been enabled for the users, and
2. In the password policy settings, set "Allow user to initiate password change" to "enabled".

Additional Information

If the user has logged in with a smart card and SecureLogin is configured to use network credentials when logging in to an application, SecureLogin uses the NMAS_C32PwdStatus API to read the universal password.  The API NMAS­_C32PwdStatus is used both to read and to change the universal password.   Novell does not have separtate APIs for read password vs change password.  If users are not allowed to change their password, they are also not allowed to read it.  This is working as designed. 


This Support Knowledgebase provides a valuable tool for NetIQ/Novell/SUSE customers and parties interested in our products and solutions to acquire information, ideas and learn from one another. Materials are provided for informational, personal or non-commercial use within your organization and are presented "AS IS" WITHOUT WARRANTY OF ANY KIND.

  • Document ID:7011524
  • Creation Date:17-DEC-12
  • Modified Date:17-DEC-12
    • NetIQSecureLogin

Did this document solve your problem? Provide Feedback