5.5 Passphrase Security System Scenarios

The information provided in this section describes the user experience in environments where the passphrase security system has been enabled and disabled.

Scenario 1: The passphrase security system is disabled in a previously enabled environment

When the passphrase security system is disabled in an environment where it was previously enabled, the following message appears to users the next time they log in.

Figure 5-1 Passphrase Security Prompt

If the user clicks OK, the disabling of the passphrase security system is approved and the user is prompted for the current password. The approval is complete when the user provides the password.

If the user clicks Cancel, disabling of the passphrase security system is delayed, and the user continues to be prompted with the message until he or she clicks OK to approve the change.

NOTE: Users must provide the passphrase answer. This prevents an administrator from toggling this preference to give an unauthorized user access to Novell SecureLogin.

Scenario 2: The passphrase security system is re-enabled in a previously disabled environment

If the passphrase security system is re-enabled, the Passphrase Setup dialog box is displayed (similar to when a user logs in for the first time after installing Novell SecureLogin).

If the user clicks OK, the user resets the passphrase question and answer.

If the user clicks Cancel, enabling passphrases for the user’s workstation is delayed. The user is prompted at subsequent logins until he or she specifies a passphrase question and answer.

Scenario 3: The passphrase security system is disabled and the user has changed his or her passwords (restrictions for moving user objects)

If you reset the user’s password when the passphrase security system is disabled:

Scenario 4: Forgotten Passphrase

If a user forgets SecureLogin data, including his or her passphrase or passphrase answer, you must delete the user’s existing SecureLogin datastore.

After the datastore is deleted, the user’s corporate applications, credentials, preferences, and user policies are permanently removed. You must then reset the user’s corporate password before he or she can log in and reconfigure the applications by using Novell SecureLogin.

The next time Novell SecureLogin starts, the user must log in manually. Novell SecureLogin then detects that a passphrase is not set and prompts the user to set up the passphrase before continuing. You can create a list of predefined passphrase questions.

After the user has set a new passphrase, he or she must re-enter the application usernames and passwords. If this is not done, an unauthorized user could breach security by clearing the passphrase, entering a new passphrase, and accessing the actual user’s credentials.

You might need to reset the user’s application passwords because the user might have forgotten them.