I have been tasked to evaluate whether we can replace the basic
functionality of the IDM User Application with a combination of the IDM
Engine and some other server-side language (either ASP.NET or PHP are
the likely candidates). The functionality that I need is 1) Password
Change, 2) setting Challenge Response Questions, 3) changing Challenge
Response Questions and 4) using the Challenge Response questions to
drive a password change event. The intended target is a customer-facing
application, so needless to say the actual IDM User Application is not
an option.

Changing the password is not a problem; I have that working (from a
pure R&D perspective). I am also certain that I can initiate a password
change, and code my application such that it does the necessary logic
regarding the challenge response set questions / answers.

Although I have not yet done so, I am fairly sure I can push challenge
response values into eDir; however, my concern is with reading the
values afterward, since they would be encrypted via the non-reversible
encryption of the eDir tree. Am I better off creating my own custom aux
class and essentially implementing my own form of challenge response
sets, or is there actually a formal or better way to use the challenge
response features? Or am I totally off base here, and unless I'm using
the IDM User App or an NMAS-enabled Client, the Chall/Resp sets are

I did some searching for Challenge Response sets, and the only hit I
got was related to a Challenge Response Driver set that is now offline
(though I'm still curious if I would be able to read and use the values
via an admin-type user).
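
An added example, not part of the original post and not NMAS or IDM code: if the answers live in a custom store (such as the custom aux class the post considers), they never need to be read back, because each answer can be kept as a salted one-way hash and a later response checked by re-hashing it. The function names and the array layout below are assumptions for illustration, and the sample data is constructed.

```php
<?php
declare(strict_types=1);

// Hypothetical helpers for a custom challenge-response store; not NMAS or IDM APIs.
// Assumes the mbstring extension is available.

// Normalise so "Fluffy " and "fluffy" count as the same answer.
function normalizeAnswer(string $answer): string
{
    $collapsed = preg_replace('/\s+/u', ' ', trim($answer)) ?? '';
    return mb_strtolower($collapsed, 'UTF-8');
}

// Returns what would be written to the directory: the question text plus a
// salted, one-way hash. The plaintext answer is never stored.
function enrollAnswer(string $question, string $answer): array
{
    return [
        'question' => $question,
        'hash'     => password_hash(normalizeAnswer($answer), PASSWORD_DEFAULT),
    ];
}

// Verification re-hashes the supplied response with the stored salt and
// compares the result; the stored value is never decrypted or displayed.
function verifyAnswer(array $entry, string $response): bool
{
    return password_verify(normalizeAnswer($response), $entry['hash']);
}

// Every question in the set must match before a password reset is allowed.
function verifySet(array $entries, array $responses): bool
{
    $ok = count($entries) > 0 && count($entries) === count($responses);
    foreach ($entries as $i => $entry) {
        // Check every answer even after a failure, so the response does not
        // reveal which answer was wrong.
        $match = isset($responses[$i]) && verifyAnswer($entry, $responses[$i]);
        $ok = $ok && $match;
    }
    return $ok;
}

// Constructed sample data.
$set = [
    enrollAnswer('First pet?', 'Fluffy'),
    enrollAnswer('City of birth?', 'Cape Town'),
];
var_dump(verifySet($set, ['  fluffy', 'cape  town']));
var_dump(verifySet($set, ['fluffy', 'Durban']));
```

With this layout even an admin-type account reading the attribute sees only the hash, so the application verifies answers by comparison rather than by retrieving them.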



