This section provides information on the following:
You can apply SecureLogin settings to a Container object, a User object, or a workstation.
Settings applied to a Container object affect all users and objects in and below that Container object.
Settings applied to a User object supersede the settings applied to a Container object or to a workstation.
You can give users the ability to apply settings to a workstation. However, any settings applied to a User object supersede settings applied to a workstation.
You can set up SecureLogin for users by changing default values on the Settings page. Some settings are user settings; others are administrative settings. Users can change (override) user settings on their workstations, even when an administrator has set them. However, users can't override administrative settings.
Click Settings.
Click a setting, click Edit, change the value by using the drop-down list, then click OK.
To customize text for the passphrase setup dialog box, type the text. The customized text replaces the default text.
Save changes by clicking OK or Apply.
To access the Settings tab for Active Directory:
Select a Container or User object from the Active Directory Users and Computers in MMC, then select Properties.
Select the Settings tab from the SecureLogin SSO tab of the properties dialog box.
The following table provides information on the settings. If you are running in standalone mode, not all settings are displayed.
SecureLogin uses an underlying security mechanism known as a passphrase. A passphrase has two parts: a passphrase question and a passphrase answer.
The passphrase question should provide a good level of security for the actual answer. For example, a question of "What is 2 times 3?" would obviously not provide a secure passphrase answer. The same could be said for questions that pertain to a user's personal information, such as parents' names.
To apply an acceptable level of security, the SecureLogin administrator can set the passphrase question.
Passphrase questions can have 255 characters.
The passphrase answer is a value that is unique to each user and should only be known by the account owner.
The figure in Entering a Passphrase Question and Answer illustrates the dialog box that collects your passphrase question and answer.
The passphrase should not be confused with the normal login. A passphrase is used to protect the user's single sign-on credential information.
To prevent a rogue administrator from resetting a user's password and attempting to gain access to a user's single sign-on information, SecureLogin prompts for the passphrase whenever SecureLogin recognizes that tampering or an administrative password change has been performed on the user's account.
This passphrase is also used when the user accesses cached login data while not authenticated to the directory.
The passphrase question and answer help you access your login data in the following situations:
NOTE: You can't manage passphrase security in standalone mode.
As the following figure illustrates, a dialog box enables you to provide a passphrase question and answer. You encounter this dialog box after you install and first run SecureLogin.
SecureLogin uses the question and answer to ensure that no one else uses your login credentials to access your applications. Choose passphrase information that you'll be able to recall months or years from now.
NOTE: For a passphrase to display properly on multi-byte platforms (for example, Japanese and Chinese), users must use single-byte characters when entering a passphrase.
If you use Novell SecretStore, a specially designated SecretStore Administrator might unlock your directory-based data stores on your behalf. When you next log in, you encounter a passphrase answer prompt. For more information, see "Setting Up a SecretStore Administrator" in the Novell SecretStore 3.3.0 Administration Guide.
You can provide preset passphrase questions for users to respond to or enable users to enter their own passphrase question.
In ConsoleOne, right-click a Container object, then click Properties.
You can provide passphrase questions for User objects, provided a user has used SecureLogin and set a passphrase question.
Click Novell SecureLogin, then select Advanced Settings.
In the Passphrase Questions dialog box, click New.
To edit a passphrase question, select it, click Edit, make changes, click OK, then click Apply.
Type a question, then click OK.
Click Apply.
By default, users can enter their own passphrase questions. To disallow user-set questions and require users to select a preset question:
In an administrative tool, select Novell SecureLogin > General Settings, then click Settings.
Click Prevent Users from Entering a Passphrase Question, click Edit, select Yes from the drop-down list, click OK, then click Apply.
When users first encounter SecureLogin, SecureLogin prompts them to enter a passphrase question and answer. See Entering a Passphrase Question and Answer. You can edit that text and provide customized instructions.
Click Settings.
Select Customize Text for the Passphrase Setup Dialog Box, then click Edit.
NOTE: Because the primary data store is unavailable in standalone mode, many SecureLogin management features are not available in that mode.
Type text in the Value pane, then click OK.
Although your introductory text can have 8 lines with 64 characters in each line, limit your text to 415 characters. If you type too many lines, the text boxes for the passphrase question and answer will hide them.
Click Apply.
By default, SecureLogin requires a passphrase that has at least six characters. To set other requirements:
Click Settings.
Scroll to and select Use a Passphrase Policy.
In the Editing a Setting dialog box, require a passphrase policy by changing the value to Yes.
(Optional) To edit the passphrase policy, click Edit Policy.
Save the setting by clicking OK twice.
During installation, you encountered a Post-Install screen that displayed the following options:
If you checked the Start SecureLogin on Windows Startup check box, SecureLogin places the SecureLogin icon on the system tray whenever you start the computer.
To prevent users from displaying and accessing the system tray icon:
Click Settings.
Select Display the System Tray Icon, then click Edit.
Using the drop-down list, change the value to No.
If you turn off the SecureLogin icon on the system tray and then use another tool to change the data, the changes won't take effect until the workstation is restarted.
To use login data when you work offline, you can store login data in encrypted files on your workstation. By default, these cache files are located in the \documents and settings\[profile]\application data\securelogin\cache directory.
To disable the cache by using SecureLogin:
Right-click the SecureLogin icon on the system tray, select Advanced, then select Change Settings.
Select Settings > Enable Cache File.
Click Edit, set the value to No, then click OK twice.
To disable the cache by using administrative tools:
Right-click the Container or User object, then click Properties > Novell SecureLogin > General Settings > Settings.
Select Enable File Cache, click Edit, then set the value to No.
Save the changes by clicking OK twice.
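The following Python example is added here and is not Novell code. It walks a profiles root (for example, a mounted \documents and settings tree) and reports which profiles hold files in the default cache directory named above, so you can see where offline login data is stored. The function names, the constructed sample tree, and the file name sample.bin are assumptions; this page does not name the cache files.

```python
import os
import tempfile
from datetime import datetime, timezone

CACHE_SUBPATH = ("application data", "securelogin", "cache")  # default location stated above

def _child_ci(parent, name):
    """Find a subdirectory by case-insensitive name (for mounted Windows volumes)."""
    try:
        for entry in os.scandir(parent):
            if entry.is_dir(follow_symlinks=False) and entry.name.lower() == name:
                return entry.path
    except OSError:  # unreadable entry or not a directory: treat as "not found"
        pass
    return None

def audit_cache(profiles_root):
    """Return one record per profile whose SecureLogin cache directory holds files."""
    findings = []
    for profile in sorted(os.listdir(profiles_root), key=str.lower):
        path = os.path.join(profiles_root, profile)
        for part in CACHE_SUBPATH:
            path = _child_ci(path, part) if path else None
        if not path:
            continue
        files = [os.path.join(d, f) for d, _, names in os.walk(path) for f in names]
        if files:
            findings.append({
                "profile": profile,
                "cache_dir": path,
                "files": len(files),
                "bytes": sum(os.path.getsize(f) for f in files),
                "newest_utc": datetime.fromtimestamp(
                    max(map(os.path.getmtime, files)), timezone.utc).isoformat(),
            })
    return findings

def build_sample(root):
    """Constructed tree: alice has a cache file, bob's cache is empty, carol has none."""
    alice = os.path.join(root, "alice", "Application Data", "SecureLogin", "Cache")
    os.makedirs(alice)
    with open(os.path.join(alice, "sample.bin"), "wb") as fh:  # file name is made up
        fh.write(b"\x00" * 128)
    os.makedirs(os.path.join(root, "bob", "Application Data", "SecureLogin", "Cache"))
    os.makedirs(os.path.join(root, "carol", "Desktop"))

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as root:
        build_sample(root)
        print(audit_cache(root))
```

Point `audit_cache` at the real profiles directory on a workstation or at a mounted copy of it; profiles with an empty or missing cache directory are not reported.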