24.2 NMAS Software

NMAS is included as a bundled product with NetIQ eDirectory. The software image includes the following:

  • NMAS server software

  • Login methods software

  • Support for multiple login methods per login sequence

  • Support for graded authentication

  • Universal Password

NMAS client software is available with the NetIQ Client for Windows and with NetIQ SecureLogin.

24.2.1 Server and Client Software Installation

NMAS server-side software is installed with eDirectory by default. NMAS client-side software must be installed on each client workstation that will access the network using the NMAS login methods. After installation, you can manage NMAS by using iManager.

The NMAS client software now ships with the NetIQ Client. For more information, refer to the NetIQ Client for Windows documentation.

During the installation, NMAS extends the eDirectory schema and creates new objects in the Security container in the eDirectory tree. These new objects are the Authorized Login Methods container, the Authorized Post-Login Methods container, the Security Policy object, and the Login Policy object. All login methods are stored and managed in the Authorized Login Methods container. All post-login methods are stored and managed in the Authorized Post-Login Methods container.

24.2.2 Login Method Software and Partners

Software and Partners

Several currently supported login methods are available on the NMAS software image.

NMAS software includes support for a number of login methods from third-party authentication developers. Refer to the NetIQ Partners Web site for a list of NetIQ partners.

Each partner that develops login methods for NMAS addresses network authentication with unique product features and characteristics. Therefore, each login method varies in its actual security properties.

NetIQ has not evaluated the security methodologies of these partner products, so although these products might have qualified for the NetIQ Yes, Tested & Approved or NetIQ Directory Enabled logos, those logos relate to general product interoperability only.

We encourage you to carefully investigate each partner's product features to determine which product will best meet your security needs. Also note that some login methods require additional hardware and software not included with the NMAS product.

Installing a Login Method

NMAS login methods (server software, plug-ins, and snap-ins) can be installed by using the following:

  • nmasinst (available on all eDirectory platforms), which requires eDirectory to be installed

  • iManager plug-in

For more information on installing a login method, see Ways of Installing a Login Method

24.2.3 Universal Password

Universal Password is a way to simplify the integration and management of different password and authentication systems into a coherent network. It provides one password for all access to eDirectory, enables the use of extended characters in passwords, enables advanced password policy enforcement, and allows synchronization of passwords from eDirectory to other systems.

For more information on Universal Password, see Section 26.0, Managing Passwords.

24.2.4 iManager Management

You can manage NMAS by using iManager. NetIQ iManager is a Web-based utility for managing eDirectory. Specific property pages in iManager let you manage login methods, login sequences, enrollment, and graded authentication.

By default, NMAS installs the standard NDS password login method. Additional login methods can be installed by using iManager, and a wizard launched from the Authorized Login Methods container using the Create New Object option. Post-login methods can be installed using a wizard launched from the Authorized Post-Login Methods container using the Create New Object option.

For more information about installing login methods, see Ways of Installing a Login Method.