Switching a workstation between SecretStore and eDir modes

  • 7010027
  • 18-Jan-2012
  • 26-Apr-2012

Environment

Novell SecureLogin
NSL v 6.x
NSL v 7.x

Situation

Data (user secrets) captured by SecureLogin with SecretStore will be lost if you later remove SecretStore and use the base eDir mode. 
Data (user secrets) captured by SecureLogin without SecretStore will not be lost if you later add SecretStore.  
Switching a workstation between SecretStore and eDir modes
Will I lose data if I switch between SecretStore and eDir modes?
How to change from SecretStore to eDirectory mode without reinstalling NSL
Where are SecureLogin settings stored in the registry?

Resolution

When troubleshooting NSL, it is sometimes advisable to test both eDirectory and SecretStore modes on a workstation. There are two ways to change from one mode to the other:

1 - Reinstall the NSL client, choosing the other mode, or
2 - Edit the SecureLogin DataStore entry in the workstation's registry, as follows:

For eDirectory mode:

HKEY_LOCAL_MACHINE\SOFTWARE\Protocom\SecureLogin\Security
PrimaryStore = NDS

For SecretStore mode:

HKEY_LOCAL_MACHINE\SOFTWARE\Protocom\SecureLogin\Security
PrimaryStore = SecretStore

(Obviously, for SecretStore mode, SecretStore must be installed and running on a file server holding a replica of the user object.)
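
The registry edit in option 2, as an added PowerShell example (not part of the original TID or of Novell's tooling). The function name Set-NslPrimaryStore is hypothetical, and the script assumes PrimaryStore is a string (REG_SZ) value and that it is run from an elevated session.

```powershell
# Added example. Key path, value name and the two mode strings come from the TID.
# Assumption: PrimaryStore is a string (REG_SZ) value. Writing to HKLM needs admin rights.
function Set-NslPrimaryStore {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [Parameter(Mandatory = $true)]
        [ValidateSet('NDS', 'SecretStore')]
        [string]$Mode
    )

    $key = 'HKLM:\SOFTWARE\Protocom\SecureLogin\Security'
    if (-not (Test-Path -Path $key)) {
        throw "SecureLogin key not found: $key"
    }

    # Read the current mode; the value may be absent, in which case this is $null.
    $current = (Get-ItemProperty -Path $key -Name PrimaryStore -ErrorAction SilentlyContinue).PrimaryStore
    if ($current -eq $Mode) {
        Write-Output "PrimaryStore is already '$Mode'; nothing changed."
        return
    }

    if ($current -eq 'SecretStore' -and $Mode -eq 'NDS') {
        # Secrets captured in SecretStore mode are held in SAS:SecretStoreData,
        # which SecureLogin cannot read without SecretStore.
        Write-Warning 'Secrets captured in SecretStore mode will not be available in eDirectory (NDS) mode.'
    }
    elseif ($Mode -eq 'SecretStore') {
        Write-Warning 'SecretStore must be installed and running on a server holding a replica of the user object.'
    }

    # -WhatIf / -Confirm are honoured here, so the change can be previewed first.
    if ($PSCmdlet.ShouldProcess($key, "Set PrimaryStore from '$current' to '$Mode'")) {
        Set-ItemProperty -Path $key -Name PrimaryStore -Value $Mode
        Write-Output "PrimaryStore changed from '$current' to '$Mode'."
    }
}

# Preview the switch to eDirectory mode without writing to the registry:
Set-NslPrimaryStore -Mode NDS -WhatIf
```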

 

Additional Information

It is possible to lose secrets if you move back and forth between eDir (NDS) mode and SecretStore mode. Login credential secrets are stored in different places depending on whether SecureLogin is using SecretStore or not. Both modes store credentials as eDir attributes of the user, but not in the same attributes. If SecretStore is not used, the base SecureLogin product stores user secrets in the attribute "Prot:SSO Entries." If SecretStore is used, credentials are stored in the attribute "SAS:SecretStoreData." The SAS:SecretStore attributes are hidden attributes and can only be read by SecretStore clients or SecretStore utilities. Therefore, credentials stored with SecretStore cannot be read by SecureLogin without SecretStore. However, credentials stored by SecureLogin without SecretStore can be read by SecureLogin with SecretStore.
Formerly known as TID# 10077291