We are looking to implement SSPR and ideally utilise the Client Login
We have eDir and AD, sync'd through an IDM 3.6 Identity Vault (own

Regarding the Client Login Extension I am investigating the statement
"This utility does not work with any application that alters the
Microsoft Credential Provider, except the Novell Client 4.91 SP3 or

Does/can it work with chained Credential Providers?

All our Windows 7 machines have Novell Client 2 installed (and ZCM 11.x
agent), but it is NOT primary
[HKEY_LOCAL_MACHINE\SOFTWARE\Novell\Network Provider\Initial Login]
"Login With Non-Novell Credential Provider"="YES"
[HKEY_LOCAL_MACHINE\SOFTWARE\Novell\Authentication\ NCCredProvider]

So it logs on to machine/AD and then passively logs into eDirectory
after. We do not use ZCM user management (disabled on agent config), so
it shouldn't even try that (but we also disable it manually in reg too
"DisablePassiveModeLoginPrompt"=dword:00000001 )

I think it should work OK for these machines?

All our laptops/tablets also have Sophos Safeguard disk encryption
installed, which adds their credential provider. We actually perform
pass through authentication from the Safeguard preboot authentication so
it's not really relevant for this scenario (Safeguard passwords
introduce their own and separate issues!;-)

The other credential provider that can exist in our environment is the
Junos Pulse credential provider... We use this for VPN access and it
will automatically authenticate machines (using AD Computer Account) if
within a trusted network environment (NHS N3) but will initiate a 2
factor user authentication (AD and SecurEnvoy) if connected to an
'external' network.

So, I guess this is the real concern/area to investigate.

Does anyone have experience in these areas that they can share?

I shall attempt to configure a test environment to test, but with so
many systems interacting (eDir, AD, IDM, Safeguard, Juniper, SecurEnvoy)
it is difficult to emulate.

Any thoughts and suggestions welcome!
Many thanks


djbrightman's Profile: https://forums.netiq.com/member.php?userid=1524
View this thread: https://forums.netiq.com/showthread.php?t=52335