A pretty typical setup for my clients is to have a User App pointed at
the Vault, since Users tend to be well-grouped there, making
searches/logins faster, and some Vault server doesn't have much else to
deal with so it can handle the load without any problems.

In order for Password Self-Service to be reachable through the User
App, the Challenge Questions (or whatever other PWSS option) need to be
setup on the Vault. This presents the problem that when a User forgets
his password, he can't access the User App because they can't login,
and he can't use the "Forgot my password" link actually on the Novell
Client because the NC is pointed at the File and Print tree. Possible
solutions follow:

1. Have the User point the Novell Client at the Vault temporarily to
use PWSS. Not ideal because it requires User competence.

2. Use the Novell Client Extensions. The NCE is in a questionable
state and the options it presents were not ideal the last time I looked
at it. For instance, there wasn't much passthrough of information
possible from the Novell Client to the User App, meaning Users had to
enter their information potentially several times to reset passwords,
update expired password, enter CR information, etc. Right now I can't
even find the Novell Client Extension anywhere on the website so I
don't even know if is a real option.

3. Point the User App at the File and Print tree. This is not a
terrible option but it negates the benefit of the flat structure for
lookups and being able to utilize an under-utilized Vault server.
Novell's classes and training materials generally have User Apps
pointing at Vaults and it seems to be a recommended setup.

4. Have people go to a friend's computer to use the User App's PWSS.
Insecure and inconvenient.

5. Have some sort of User App kiosk. Again, inconvenient at the
least.

6. Have separate PWSS configured on the Vault and the F&P tree. This
would be unhelpful and #3 would be better.

This is all leading me to the question: what is the recommended
procedure for using the User App for secure Password Self-Service? Is
there one? The "Forgot my Password" link on the User App seems to
indicate that Novell wants that feature to be utilized but I'm unsure
how to get it done.

Furthermore, does Novell have a strategy for presenting Password
Self-Service with the new GINA-less Vista login method?


--
nate_spears
------------------------------------------------------------------------
nate_spears's Profile: http://forums.novell.com/member.php?userid=7564
View this thread: http://forums.novell.com/showthread.php?t=333232