?syspassword returns pin instead of AD Password

  • 7014196
  • 27-Nov-2013
  • 26-Aug-2014

Archived Content: This information is no longer maintained and is provided 'as is' for your convenience.

Environment

Novell SecureLogin 7.0.3
NetIQ SecureLogin 8
Smart card integration 
Installed in Active Directory mode

Situation

Password fails with SecureLogin application configured for  network (Active Directory) password 
Problem occurs after smart card login, does not occur after logging in with password 
“Type ?syspassword†command returns PIN instead of password after smartcard logon

Resolution

Two options:

1. Check with the smart card middleware vendor.  It is the responsibility of the middleware to retrieve the username and password from AD at login.  Some middleware will require a configuration change, other middleware will not support this feature.  

2. Install NetIQ Advanced Authentication Framework.  For details see the  NetIQ Advanced Authentication Framework product page or documentation.

Additional Information

NetIQ Advanced Authentication Framework currently supports the following cards and card readers:

Supported contactless card readers
HID OMNIKEY 4121 CL, 5021 CL, 5321 serie, 5325 serie, 5326 DFR, 5427 CK; RFIDeas pcProx serie, LEGIC AIR ID series.

Supported contactless smart cards
HID iClass serie; HID Prox serie; MIFARE Classic 1K/4K, Ultra Light, Ultra Light C, Plus; MIFARE DESFIRE 0.6, MIFARE DESFIRE EV1; iCLASS SE/SR, MIFARE SE, DESFire; EV1 SE; AWID; Cardax; CASI-RUSCO; Deister; DIGITAG; EM 410x; Farpointe Data; GProx II; HiTag 1, S & 2; Indala (Motorola); ioProx (Kantech); Keri NXT; Keri Nexwatch (Honeywell); Pyramid; Radio Key; ReadyKey Pro; Secura Key; Rosslare; Advant CSN (Legic); eTag CSN; I-Code CSN; I-tag CSN; ISO 14443A CSN1; ISO 15693 CSN; my-d CSN; Tag-It CSN.


To see the exact value returned by the ?syspassword, create a script for notepad.exe that shows system credentials, as follows:
1. Right click the NSL “hand†icon in the system tray and select “Manage Logins.â€
2. Right click “applications†and select “New.â€
3. In the “New Application†dialog select “Windows†as the application type, enter “notepad.exe†in the EXE field,  type a description and click OK.
4. Open the “Definition†tab and enter the following application definition:
   Dialog
  Title "Untitled - Notepad"
EndDialog
Type ?sysuser
Type \n
Type ?syspassword

5. Save the new application definition by clicking OK or Apply.
6. Launch notepad.exe.  The system credentials that have been captured by SecureLogin will be typed in the notepad window.  WARNING:  Your network password will be typed in clear text in notepad.