Novell Modular Authentication Service (NMAS) version 3.1.3
Novell eDirectory 126.96.36.199 for All Platforms
Novell eDirectory 8.8.1 for All Platforms
Novell Identity Manager 3.5
The schema files are provided with the Netware build of ss204 in the SECURITY\NMAS\files\schema directory. They can also be obtained from the Identity Manager 3.5 media. They are not present in the Security Services build for other platforms.
The new attributes
that NMAS will start to use on version 3.1.3 are the
Time stamp of last time the entry's password was changed.
Timestamp of time that the account was locked by intruder detection.
Timestamps of the consecutive login failures.
When set to TRUE the user's password is not expired when the administrator sets the password.
When set to to FALSE or does not exist then the password expiration configuration as defined by the password policy is enforced.
Specifies the maximum number of used passwords stored in the nspmPasswordHistory attribute. If this attribute exists then the values of the nspmPasswordHistoryLimit, the nspmPasswordHistoryExpiration, and the Password Unique Required are ignored
If TRUE the user's password will not expire.
If FALSE or does not exist the password expiration configuration as
defined by the password policy associated with the user
will be enforced.
Besides the addition of these attributes, the Excluded Passwords list is now able to handle wildcards.
Another modification made to the schema with the files specified above was the following change in containment:
nspmPasswordPolicyContainer is now contained in "Country","Domain", "Locality", "Organization", and "Organizational
nsimChallengeSet is now contained in "Country", "Domain","Locality", "Organization", and "Organizational Unit".
nspmPasswordPolicy is now contained in "Country".
The addition of the pwdInHistory integer attribute to the
nspmPasswordPolicy class is a change from the approach that was
previously in use by the password history implemented in Universal
Password. Until this version the only way to implement a history
limit was to restrict this list in time and size. The list was a
linear list and if the history size limit was set too low, it would
be possible to run out of space and the user would get a "History
With the new feature it's possible to limit just how many passwords will be stored (for example, the last 10 passwords the user used). The behavior of the list is now that of a circular list, the older entries will be removed as new entries are stored.
In order to administer these new features it's necessary to use iManager with the Identity Manager 3.5 plug-in. Notice that this plug-in is not backwards compatible with previous versions of IDM 3.0.1. If you have previous versions of IDM in your environment, consider installing the new plug-in to an instance of Mobile iManager (workstation based version of iManager).