When users set challenge response questions and answer pairs is this
data stored in the sASLoginSecret attribute within eDirectory (provided
SSPR is pointed to eDir)? If so, would SSPR be able to read/validate
user challenge response questions and answers stored in that attribute
if the values were written there by another application?

The reason I ask is SSPR is being implemented to replace an existing
password management system. The existing system looks to have been
calling NMAS to store that data in eDirectory (possibly the
sASLoginSecret attribute). There is a desire to not require users to
re-register challenge response questions if it is not necessary. If
SSPR can read existing values set by its predecessor then we are all
good but I have not run across this before.

gdrtx's Profile: https://forums.netiq.com/member.php?userid=1660
View this thread: https://forums.netiq.com/showthread.php?t=54314