Requiring NMAS Authentication before Application Authentication
Articles and Tips: qna
01 Apr 2002
Q.
I have verified that I can require a Novell Modular Authentication Service (NMAS) authentication verification in an NSL script in order to get the single sign-on benefit to a Web site or to an application through the AAVerify script command. But doing this does not require the NMAS authentication. If you bypass the NMAS authentication, you just have to provide the application credentials.
For a military customer, what I need to know is how I can require the NMAS authentication prior to authenticating to the application? This would truly provide strong authentication without modifying the application. Does anyone know how to do this?
Wanting Security in Szombathely
A.
Dear Wanting: The only way to require another authentication is to have the application use NMAS APIs that check the user's clearance level. If the user hasn't authenticated properly, the application calls for an NMAS login.
This has always been a problem with applications, since there is no general security model for them to use. If an application is written for Windows 2000, they can use Kerberos and Active Directory, but that won't help on other systems.
With NetWare, you could place the application on a security-enabled volume. Then only users with proper clearance could access that volume. If the application is Web-based, you could use iChain. However, iChain's authentication isn't as capable as that of NMAS.
* Originally published in Novell AppNotes
Disclaimer
The origin of this information may be internal or external to Novell. While Novell makes all reasonable efforts to verify this information, Novell does not make explicit or implied claims to its validity.