Does the Novell Client for Windows 7 Single Sign-On feature use SecretStore?

  • 7010974
  • 19-Oct-2012
  • 19-Oct-2012

Environment

Novell Client 2 SP2 for Windows
Novell Client 2 SP2 for Windows Vista
Novell Client 2 SP2 for Windows 7
Novell Client 2 SP2 for Windows 2008
Novell Client 2 SP2 for Windows 2008 R2

Situation

Users want to be able to log in on multiple machines by using a Windows password stored in eDirectory / SecretStore.

Resolution

In Novell Client for Windows 7, the "Single Sign-On" feature implemented by NMAS does not utilize SecretStore. 

If the expectation is "I should be able to save my Windows password via Single Sign-On on Machine A, and then go log in on Machine B and be able to transparently log in to Windows because my Windows password will be retrieved from eDirectory or SecretStore", this is NOT going to be true on the Novell Client for Windows 7 implementation of "Single Sign-On".
 
On Novell Client for Windows XP/2003 it could work either way.  If SecretStore was available on the eDirectory server(s), the secret would be saved to the server-side SecretStore service.  But if SecretStore was not available, the secret would be saved to the local workstation only.  So whether the "Machine A and Machine B" scenario worked on Windows XP/2003 depended on whether the SecretStore API was able to communicate with a server-side SecretStore service, or had to fall back to encrypting and saving the secret locally on the workstation.
 
On Novell Client for Windows 7, NMAS is always in the latter "encrypt and save on local workstation" case.