7.1 Overview

HOTP is an HMAC-based one-time password (OTP) algorithm. An OTP is a password that is valid for only one login session or transaction. An OTP provides better performance than the traditional (static) passwords because there are less chances of security attacks associated with it. A potential intruder who records an OTP that has been used to log into a service or to conduct a transaction, cannot manipulate it because it has already been used once and is no longer valid.Every OTP based authentication requires an OTP server and an OTP client (hardware/software token). Implementation of OTP based authentication in NMAS is based on the RFC 4226 standard. Traditionally, the NDS password that was individually presented to the server is now appended to the OTP to enhance the password based authentication by retaining all the client components and their user interface.The authentication to eDirectory server is done through the HOTP feature by using LDAP-based login or NetWare Core Protocol (NCP)-based login.

7.1.1 LDAP-Based Login


Login Method

An HOTP-enabled user can perform LDAP bind by concatenating the NDS password with the HOTP value.

For example,

ldapsearch -D cn=user1,o=novell -w secret40338314 -h -p 389 -b   "o=novell" -s sub -LLL dn

7.1.2 NCP-Based Login

A HOTP-ready/enabled user can perform NCP login by concatenating the NDS Password with the HOTP value by using any of the following utilities:

  • ndslogin

    For example,

    ndslogin user1.org -h org.com -p secret40338314
  • iManager (replace the existing libnmasclnt.so file in the iManager-installed location)

  • iMonitor