No prompt for RSA SecurID Token authentication

Two-factor authentication is required.

Without Novell Client installed, RSA SecurID token authentication is working normally.

After installing the Novell Client, the Novell Client login screen appears, and the user is never prompted for their RSA SecurID token.

Enable the Novell Client "passive login" configuration. This is accomplished by navigating to: System Tray > Red N > Novell Client Properties > Advanced Login tab

and configuring the following two settings:

1. Novell Logon = Off
2. Login with Non-Novell Credential Provider = On

The corresponding registry entries for the two settings are:

Novell Logon
[HKEY_LOCAL_MACHINE\SOFTWARE\Novell\Authentication\NCCredProvider]
REG_DWORD "Enabled" = 0

Login with Non-Novell Credential Provider
[HKEY_LOCAL_MACHINE\SOFTWARE\Novell\Network Provider\Initial Login]
REG_SZ "Login With Non-Novell Credential Provider" = YES

The RSA Authentication Agent is designed to only  recognize and interact with the Microsoft credential provider. When the Novell credential provider is installed as part of the Novell Client, the RSA Authentication Agent becomes inactive. Enabling the "passive mode" or "non-Novell credential provider" configuration causes the Microsoft credential provider to be the active credential provider such that the RSA Authentication Agent again becomes active. The Novell credential provider is also loaded, and once the user has completed the RSA token authentication, continues with the eDirectory authentication, login script execution, etc. as it would normally do were it the "main" credential provider.