The NMAS software image is available for download as a standalone product or it can also be bundled with other products, such as Novell eDirectory or NetWare. The software image includes the following:
NMAS server-side software must be installed on a NetWare 5.1 or later server, Windows NT/2000, or a UNIX server with eDirectory. NMAS client-side software must be installed on each Windows client workstation that will access the network using the NMAS login methods. After installation, NMAS is managed using the ConsoleOne or Novell iManager utility.
The NMAS server software is installed from a Windows client workstation. You must have Admin rights to the eDirectory Tree object and be connected to the NetWare server to install the NMAS server product.
The NMAS client software must be installed on each client workstation you want to use the NMAS login methods. The latest Novell ClientTM software must be installed on the client workstation before you install the NMAS client software.
All NMAS login methods (server software and snap-ins) are installed using the Login Method installation utility. The client software is installed using a Windows installation program. Several currently supported login methods are available on the NMAS software image.
NMAS software includes support for a number of login methods from third-party authentication developers. Refer to the NMAS Partners Web site for a list of authorized NMAS partners and a description of their login methods.
Each NMAS partner addresses network authentication with unique product features and characteristics. Therefore, each login method will vary in its actual security properties.
Novell has not evaluated the security methodologies of these partner products, so although these products might have qualified for the Novell Yes, Tested & Approved or Novell Directory Enabled logos, those logos relate to general product interoperability only.
We encourage you to carefully investigate each NMAS partner's product features to determine which product will best meet your security needs. Also note that some login methods require additional hardware and software not included with the NMAS product.
Universal Password enforces password policy uniformally across multiple authentication systems (such as Native File Access). Universal password also manages multiple types of password authentication methods from disparate systems. This is done by creating a common password that can be used by all protocols to authenticate users.
Universal Password is managed by the Secure Password Manager (SPM), a component of NMAS module (nmas.nlm on NetWare). SPM simplifies the management of password-based authentication schemes across a wide variety of Novell products as well as our partner's products.The managment tools will only expose one password and will not expose all of the behind-the-scenes processing for backwards compatibility.
For more background on Universal Password, see the NetWare 6.5 Security Overview.
For information on deploying Universal Password, see the Universal Password Deployment Guide.
You can manage NMAS through a ConsoleOne snap-in module or through a Novell iManager plug-in module. ConsoleOne is the Java* authored, GUI-based utility for managing eDirectory. Novell iManager is a Web-based utility for managing eDirectory. Specific property pages in each utility let you manage login methods, login sequences, enrollment, and graded authentication.
During the installation of these modules, NMAS extends the eDirectory schema and creates new objects in the Security container in the eDirectory tree. These new objects are the Authorized Login Methods container, the Authorized Post-Login Methods container, the Security Policy object, and the Login Policy object. All login methods are stored and managed in the Authorized Login Methods container. All post-login methods are stored and managed in the Authorized Post-Login Methods container.
By default, NMAS installs the standard NDS password login method. Additional login methods can be installed using a wizard launched from the Authorized Login Methods container using the Create New Object option. Post-login methods can be installed using a wizard launched from the Authorized Post-Login Methods container using the Create New Object option.
IMPORTANT: Run ConsoleOne from a Windows client workstation by using the ConsoleOne executable located on the server at server_name: sys\public\mgmt\consoleone\1.2\bin\consoleone.exe.