1.1 Server and Workstation Components

This topic describes SecretStore components for servers and workstations.

1.1.1 Server Components

Table 1-1 NetWare Servers




The Novell SecretStore installation NetWare® Loadable Module™ (NLM). It does the following:

  • Extends the eDirectory schema

  • Installs the Novell SecretStore server and its plug-ins (lsss.nlm, sss.nlm, ssldp.nlm, and ssncp.nlm)

  • Configures the eDirectory LDAP server to enable SecretStore extensions

  • Initializes or validates the Security Domain Infrastructure (SDI) on NetWare

The NLM is currently a component of the eDirectory installation and is installed with the product installation.

NOTE: On all other platforms, such as UNIX* and Windows*, the server installation and configuration is also a component of the eDirectory installation.


The Novell SecretStore service.

SecretStore provides a secure infrastructure for storing and retrieving secrets and credentials in eDirectory. SecretStore uses NICI and SDI to safely and securely store a user's secrets.

Novell SecureLogin, Novell Portal Services, Novell Identity Manager, Novell Access Manager, and Novell iChain® all provide single sign-on functionality to applications that use SecretStore.

Upon a successful authentication of the user to an application, if the application is enabled for SecretStore, the application stores its login credential in SecretStore. From then on, when the user logs in to eDirectory and launches the application, the single sign-on client retrieves the application password from SecretStore, provides it to the application or Web site in the background, and authenticates the user.


The SecretStore LDAP transport plug-in.


The SecretStore NCP™ transport plug-in.


The LDAP SecretStore extension manager. It enables applications to use the Lightweight Directory Access Protocol (LDAP) to securely store and retrieve secrets.

Table 1-2 SLES, Solaris, or AIX Servers




The SecretStore service.


The SecretStore LDAP transport plug-in.


The SecretStore NCP transport plug-in.


The LDAP SecretStore extension manager.

Table 1-3 Windows Servers




The SecretStore service.


The SecretStore LDAP transport plug-in for Windows.


The SecretStore NCP transport plug-in for Windows.


The LDAP SecretStore extension manager.

For more information on SecretStore, see the following:

1.1.2 Workstation Components

For the SecretStore 3.4.1 service release, the SecretStore client requires the following components:

NICI client: Enables the SecretStore client to provide all the encrypted traffic between SecretStore, the SecretStore client, the Novell Modular Authentication Services (NMAS™) client, and application connectors over NCP.

NMAS client: Enables single sign-on users to authenticate to eDirectory.

SecretStore client: Provides the mechanism to access the SecretStore service and ensure secure transmission, storage, and retrieval of secrets to and from eDirectory.

The SecretStore client collects secrets (for example, usernames and passwords), recognizes an application credential or password field, and helps to authenticate users by passing the credentials to the application.

The SecureLogin client enables anyone to use applications without repeatedly entering passwords. A user can be logged in to or disconnected from a network.

NOTE: The NCP protocol is supported only on the Windows client platform. Other platforms must use the LDAP protocol.

SecretStore iManager plug-in: Enables administrators or users to create, configure, and administer SecretStore components and data through iManager. It is available on the supported server and client platforms.