gdrtx Absent Member.
Absent Member.

Where are challenge response sets stored in eDir?

When users set challenge response questions and answer pairs is this
data stored in the sASLoginSecret attribute within eDirectory (provided
SSPR is pointed to eDir)? If so, would SSPR be able to read/validate
user challenge response questions and answers stored in that attribute
if the values were written there by another application?

The reason I ask is SSPR is being implemented to replace an existing
password management system. The existing system looks to have been
calling NMAS to store that data in eDirectory (possibly the
sASLoginSecret attribute). There is a desire to not require users to
re-register challenge response questions if it is not necessary. If
SSPR can read existing values set by its predecessor then we are all
good but I have not run across this before.

gdrtx's Profile:
View this thread:

1 Reply
Knowledge Partner
Knowledge Partner

Re: Where are challenge response sets stored in eDir?

If you setup SSPR to use NMAS on the backend (because it knows how to do
that) then it works as you hope. You can also have it store values on
custom attributes (pwmResponseSet, as I recall) going forward so you can
get more functionality out of the system while preserving, for now, old
challenge/response data.

As always, wise to test in a good test environment. SSPR is made to
replace the older NMAS-enabled things, though, such as the IDM User

Good luck.

If you find this post helpful and are logged into the web interface,
show your appreciation and click on the star below...
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.