Frequent Visitor.

Decrypt nspmPasswordHistory and Question/Answers


We have been asked to move the existing password history and Question/Answer set's to another application so the users don't have to do so.

I am able to obtain the encrypted nspmPasswordHistory and sASLoginSecret attributes as well as the Server Key (via SDIDIAG). What is the process to actually decrypt the attributes using the server key?


Labels (1)
3 Replies
rrawson Honored Contributor.
Honored Contributor.

Re: Decrypt nspmPasswordHistory and Question/Answers

I don't believe that is possible, I am certain it is not for the challenge answers because they are non-reversibly hashed, not encrypted. As far as I am aware, only nspmDistributionPassword is retrievable via a special LDAP extension (because it has to be).

Knowledge Partner
Knowledge Partner

Re: Decrypt nspmPasswordHistory and Question/Answers

Interestingly, nspmDistributionPassword is the Distribution Password and can be retreieved.


nspmPassword is the actual Universal Password, and also can be retrieved (at least in IDM. I think I asked Jim if he could get it in his tool and he did not think he could...)

cpedersen Outstanding Contributor.
Outstanding Contributor.

Re: Decrypt nspmPasswordHistory and Question/Answers

There is no code in the nmas api to retrieve the  password history: https://www.microfocus.com/documentation/edirectory-developer-documentation/novell-modular-authentication-service/

It's also very old (no code change since 2009) ... 

There might be ways to get around this limitation, but that would require some debugging / hacking, which I'm not ready for 😉 



The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.