2.0 Understanding the Client Login Extension

The Client Login Extension (CLE) facilitates password self-service by adding a link to the Novell and Microsoft GINA login clients. When users click the Forgot Password link in their login client, the CLE launches a restricted browser to access the Password Self-Service feature on the login clients. This feature assists in reducing help desk calls from people who forget their passwords.

GINA Support

In Windows 2003 and Windows XP, the password recovery support is available for graphical authentication interfaces such as GINA.

In the absence of the Novell Client and LDAP clients, the password recovery support is provided by the default Microsoft GINA implemented by the Client Login Extension.

Credential Provider Support

In Windows Vista and Windows 7, password recovery support is available for graphical authentication interfaces such as Credential Provider for LDAP clients and the Novell Client. In the absence of these clients, the password recovery support is provided by the default Microsoft Credential Provider implemented by the Client Login Extension.

CLE provides a credential provider filter component to filter out any existing credential provider in the user system. If the Novell Client or SecureLogin credential provider is present, then Client Login Extension filters the credential provider provided by the Client Login Extension.

Desktop Automation Services

Password recovery support through the Client Login Extension tool is also available for locked workstations and for workstations in which user operations are controlled by Desktop Automation Services (DAS).

Configuring the Password Self-Service Feature

The Administrator runs the Configuration Utility of Client Login Extension and provides registry entries for the MSI file. The registry entries for the MSI file include a welcome note, text to be shown as a link, URL of the target server, and other required options. The entered values are displayed as fields on the restricted password self-service browser. The user who forgot the password should provide the required values in the self-service browser and retrieve the forgotten password.

The Client Login Extension supports the Self Service Password Reset (SSPR) application. For information on installing and configuring the SSPR application, see Novell Self Service Password Reset 2.0.0 User Guide.

Running the Configuration Utility of the Client Login Extension configures the Client Login Extension MSI file, which you then install on client workstations running the Novell Client software, Novell SecureLogin 7.0 SP1, Microsoft Credential Provider, or the Microsoft GINA. The Client Login Extension works on Windows 7, Windows XP, Windows Vista, and Windows 2000 workstations.

The Client Login Extension MSI files are available in a number of different languages. You must configure the Client Login Extension file for each language, including English, before it can be used.

The Client Login Extension Configuration utility allows the system administrator to specify the following configuration information for the Client Login Extension MSI file:

NOTE:The Client Login Extension for Novell Identity Manager works with native Microsoft GINA, Novell SecureLogin 7.0 SP1, and the Novell Client 4.91 SP3 or later. This utility does not work with any application that alters Microsoft GINA, except the Novell Client 4.91 SP3 or later. The Client Login Extension has been tested for use on licensed Novell Identity Manager 3.5 and later systems.

The remaining sections in this guide step you through installing and using the Client Login Extension Configuration utility to configure the Client Login Extension MSI files. The instructions for using the Client Login Extension MSI files are also included.