Novell Home

My Favorites

Close

Please to see your favorites.

SecureLogin returns PIN instead of Universal Password

This document (7011524) is provided subject to the disclaimer at the end of this document.

Environment

NetIQ SecureLogin
NSL7.0.3
Novell Enhanced Smart Card Method
NESCM
 

Situation

SecureLogin does not provide the network password for NESCM users.
When a user log in with a smart card ?Syspassword shows the PIN instead of the Universal Password.
Log files shows the API NMAS_C32PwdStatus fail and return "NMAS_E_ACCESS_NOT_ALLOWED"
Problem only occurs if  "Allow user to initiate password change" is disabled in password policy settings.

Resolution

1. Verify that universal password has been enabled for the users, and
2. In the password policy settings, set "Allow user to initiate password change" to "enabled".

Additional Information

If the user has logged in with a smart card and SecureLogin is configured to use network credentials when logging in to an application, SecureLogin uses the NMAS_C32PwdStatus API to read the universal password.  The API NMAS­_C32PwdStatus is used both to read and to change the universal password.   Novell does not have separtate APIs for read password vs change password.  If users are not allowed to change their password, they are also not allowed to read it.  This is working as designed. 
 
 

Disclaimer

This Support Knowledgebase provides a valuable tool for NetIQ/Novell/SUSE customers and parties interested in our products and solutions to acquire information, ideas and learn from one another. Materials are provided for informational, personal or non-commercial use within your organization and are presented "AS IS" WITHOUT WARRANTY OF ANY KIND.

  • Document ID:7011524
  • Creation Date:17-DEC-12
  • Modified Date:17-DEC-12
    • NovellNMAS (Modular Authentication Service)
    • NetIQSecureLogin

Did this document solve your problem? Provide Feedback