abertucci01 Absent Member.
Absent Member.
1148 views

E-Directory NMAS Challenge Set Questions


We are moving from PMF to SSPR (3.3.1) but still using the e-directory
NMAS Challenge Sets. In PMF when the user goes to claim their account
they are asked to pick 3 different questions from the 12 e-directory
questions. In SSPR, it's requiring the user to answer all of the
e-directory (12 different questions) challenge questions be able to move
forward. Is there a way in SSPR to limit the amount of questions
required to answer at setup? In the SSPR Configuration Editor under the
Challenge Policies/Minimum Random Challenges Required During Setup, we
have it set to 3, but it doesn't appear to be honoring that since it's
still asking us to answer all 12 questions.


--
abertucci01
------------------------------------------------------------------------
abertucci01's Profile: https://forums.netiq.com/member.php?userid=11452
View this thread: https://forums.netiq.com/showthread.php?t=55847

0 Likes
7 Replies
Knowledge Partner
Knowledge Partner

Re: E-Directory NMAS Challenge Set Questions

abertucci01 wrote:

> PMF


Since this is an SSPR forum, I know what it is. What's "PMF"?

--
http://www.is4it.de/en/solution/identity-access-management/
______________________________________________
https://www.is4it.de/identity-access-management
0 Likes
Knowledge Partner
Knowledge Partner

Re: E-Directory NMAS Challenge Set Questions

On 5/11/2016 1:21 AM, Lothar Haeger wrote:
> abertucci01 wrote:
>
>> PMF

>
> Since this is an SSPR forum, I know what it is. What's "PMF"?


Password Management Framework - product of Novell Custom Code
Development. Basically they have a SSPR like product, that predates it
by years that can be sold via consulting engagement. They have a list
of features, you buy the base PMF and select features. New features they
will develop for you for pay.

SSPR/PWM is basically an open source approach to something similar, but
developed totally separate.


0 Likes
Knowledge Partner
Knowledge Partner

Re: E-Directory NMAS Challenge Set Questions

Geoffrey Carman wrote:

> Password Management Framework - product of Novell Custom Code Development.
> Basically they have a SSPR like product, that predates it by years that can
> be sold via consulting engagement. They have a list of features, you buy the
> base PMF and select features. New features they will develop for you for pay.


Interesting. Never heard of it, though - a US-centric thing, maybe? Is it any
good/better than PWM/SSPR or a rather dying product, now that SSPR has become a
proper product?

--
http://www.is4it.de/en/solution/identity-access-management/
______________________________________________
https://www.is4it.de/identity-access-management
0 Likes
Knowledge Partner
Knowledge Partner

Re: E-Directory NMAS Challenge Set Questions

On 5/11/2016 10:09 AM, Lothar Haeger wrote:
> Geoffrey Carman wrote:
>
>> Password Management Framework - product of Novell Custom Code Development.
>> Basically they have a SSPR like product, that predates it by years that can
>> be sold via consulting engagement. They have a list of features, you buy the
>> base PMF and select features. New features they will develop for you for pay.

>
> Interesting. Never heard of it, though - a US-centric thing, maybe? Is it any
> good/better than PWM/SSPR or a rather dying product, now that SSPR has become a
> proper product?


SSPR mostly replaces most of the functionality, but if you need wonky,
special, custom password rules, then PMF can be a good choice.


0 Likes
Knowledge Partner
Knowledge Partner

Re: E-Directory NMAS Challenge Set Questions

geoffc;2428479 wrote:
On 5/11/2016 10:09 AM, Lothar Haeger wrote:
> Geoffrey Carman wrote:
>
>> Password Management Framework - product of Novell Custom Code Development.
>> Basically they have a SSPR like product, that predates it by years that can
>> be sold via consulting engagement. They have a list of features, you buy the
>> base PMF and select features. New features they will develop for you for pay.

>
> Interesting. Never heard of it, though - a US-centric thing, maybe? Is it any
> good/better than PWM/SSPR or a rather dying product, now that SSPR has become a
> proper product?


SSPR mostly replaces most of the functionality, but if you need wonky,
special, custom password rules, then PMF can be a good choice.


I wouldn't say wonky. I'd say "industry standard" now.

For example, 90+% of my banking/credit card sites have me setup something like this:

Question 1: (Choose from pool of say 7 questions)
Question 2: (Choose from a DIFFERENT pool of 5 questions)
Question 3: (Choose from yet a THIRD different pool of 8 questions)

Very similar to how Novell/NetIQ themselves does it when you setup your free account.

PMF I believe does that.

SSPR as of the latest release that I installed, does not.
0 Likes
Knowledge Partner
Knowledge Partner

Re: E-Directory NMAS Challenge Set Questions

You need to answer all questions at setup since there will be 3 random questions asked from the pool of questions if you need to reset the password.

There is no way I know of to change this behavior.
The only solution is to remove some of the questions.

I guess PMF has some additional information that keeps reckord of what question the user wants to use, SSPR does not include this.
0 Likes
Micro Focus Contributor
Micro Focus Contributor

Re: E-Directory NMAS Challenge Set Questions

You can control this with the setting:

LDAP -> NetIQ eDirectory -> eDirectory Challenge Sets -> NetIQ eDirectory Challenge Set Minimum Randoms During Setup

abertucci01;2428368 wrote:
We are moving from PMF to SSPR (3.3.1) but still using the e-directory
NMAS Challenge Sets. In PMF when the user goes to claim their account
they are asked to pick 3 different questions from the 12 e-directory
questions. In SSPR, it's requiring the user to answer all of the
e-directory (12 different questions) challenge questions be able to move
forward. Is there a way in SSPR to limit the amount of questions
required to answer at setup? In the SSPR Configuration Editor under the
Challenge Policies/Minimum Random Challenges Required During Setup, we
have it set to 3, but it doesn't appear to be honoring that since it's
still asking us to answer all 12 questions.


--
abertucci01
------------------------------------------------------------------------
abertucci01's Profile: https://forums.netiq.com/member.php?userid=11452
View this thread: https://forums.netiq.com/showthread.php?t=55847
0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.