1.3 Understanding Challenge-Response Storage Methods

SSPR supports the following directories to store users’ challenge-responses:

  • LDAP Directory

  • LocalDB

  • Database

You can configure SSPR to use any one or all three directories to save users’ challenge-responses. When a user attempts to recover a forgotten password, SSPR reads the directories that you have configured. SSPR reads each configured location, in the order that you specify during configuration, until it finds the relevant policy.

A valid policy must meet the requirements of the user’s current challenge-response policy. Challenge-responses are stored in the locale that the user’s browser selects when the user configures the responses. During the forgotten password recovery process, SSPR uses answers in the same locale regardless of the current browser locale settings. SSPR stores answers by using a standardized XML format. Depending on the configuration, SSPR stores answers as plain text or as a one-way hash generated by using SHA1, Salted SHA1, or bcrypt.
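The following added example, which is not SSPR code and does not reproduce SSPR's XML storage format, shows why the choice among plain text, SHA1, and Salted SHA1 matters: without a salt, users who give the same answer end up with identical stored values. The record layout, the method names, and the salt-then-answer concatenation are assumptions made for this illustration.

```python
import hashlib
import hmac
import secrets
from collections import defaultdict

# Hypothetical method names for this illustration; bcrypt is left out because
# it is not in the Python standard library.
METHODS = ("TEXT", "SHA1", "SHA1_SALT")


def store_answer(answer: str, method: str) -> dict:
    """Return the record that would be persisted for one answer."""
    if method not in METHODS:
        raise ValueError(f"unsupported method: {method}")
    data = answer.encode("utf-8")
    if method == "TEXT":
        return {"method": method, "salt": "", "value": answer}
    if method == "SHA1":
        return {"method": method, "salt": "", "value": hashlib.sha1(data).hexdigest()}
    salt = secrets.token_hex(16)  # fresh random salt for every stored answer
    digest = hashlib.sha1(salt.encode("ascii") + data).hexdigest()
    return {"method": method, "salt": salt, "value": digest}


def verify_answer(record: dict, candidate: str) -> bool:
    """Recompute the stored form for a candidate and compare in constant time."""
    if record["method"] == "TEXT":
        computed = candidate
    else:
        data = record["salt"].encode("ascii") + candidate.encode("utf-8")
        computed = hashlib.sha1(data).hexdigest()
    return hmac.compare_digest(computed.encode("utf-8"), record["value"].encode("utf-8"))


def shared_values(records: dict) -> list:
    """Audit check: groups of users whose stored values are identical."""
    groups = defaultdict(list)
    for user, rec in records.items():
        groups[rec["value"]].append(user)
    return sorted(sorted(users) for users in groups.values() if len(users) > 1)


# Constructed sample data: two users who chose the same answer.
SAMPLE = {"alice": "blue", "bob": "blue", "carol": "green"}


def audit(method: str) -> list:
    """Store SAMPLE with the given method and report users sharing a stored value."""
    return shared_values({u: store_answer(a, method) for u, a in SAMPLE.items()})
```

Running `audit` for each method shows that only the salted form hides that two users share an answer. bcrypt additionally makes each guess against a stored value computationally expensive.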

NetIQ eDirectory Integration

SSPR can read password and challenge policies from eDirectory. After saving a user’s challenge-response answers, SSPR can optionally write the challenge-response answers to the NMAS challenge-response format in addition to the configured methods. This enables interoperability of SSPR with other Novell products such as Novell Client for Windows.

NOTE: SSPR does not save helpdesk challenge-response answers to NMAS. SSPR always considers the NMAS-stored responses as additional responses. SSPR prefers to read responses from, and is required to store responses in, one of the non-NMAS formats in order to use the additional features of SSPR responses.