Managing Access to SecretStore

Enable Administrator Access to SecretStore
If you check the Enable Administrator Access to SecretStore check box, a Novell® SecretStore® administrator can unlock a user's SecretStore. This is useful when a user forgets a password.

Although the SecretStore administrator can unlock a user's SecretStore, that administrator can't read the user's passwords. Unlocking a user's SecretStore only lets the logged-in user regain access to passwords after a SecretStore lock. (A SecretStore lock occurs when an administrator changes a user's eDirectory™ password.)

SecretStore Administrator List
The SecretStore Administrator List identifies users who can unlock SecretStore.

A SecretStore administrator should not have "normal" network administrator rights. This precaution prevents a single administrator from resetting the user's password (as admin), unlocking the user's SecretStore (as SecretStore administrator), logging in as the user (with the reset password), and reading secrets.

To keep enhanced protection from being bypassed, the two-administrator feature requires that the roles be split between two or more administrators (one eDirectory administrator, one SecretStore administrator).
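The following added example (not Novell code) shows one way to audit the split described above. It assumes you have exported the SecretStore Administrator List and the set of objects that can reset user passwords as lists of distinguished names; all names, the group data and the function names are constructed for illustration.

```python
"""Separation-of-duties audit for SecretStore administrators (added example)."""

def normalize_dn(dn):
    # Compare DNs case-insensitively and ignore spaces around separators.
    # Simplification: escaped commas inside a name component are not handled.
    return ",".join(part.strip().lower() for part in dn.split(","))

def effective_users(holders, groups):
    """Expand rights holders into users, following nested group membership."""
    groups = {normalize_dn(g): [normalize_dn(m) for m in members]
              for g, members in groups.items()}
    users, seen = set(), set()
    stack = [normalize_dn(h) for h in holders]
    while stack:
        dn = stack.pop()
        if dn in seen:
            continue              # guards against cyclic group nesting
        seen.add(dn)
        if dn in groups:
            stack.extend(groups[dn])
        else:
            users.add(dn)
    return users

def dual_role_accounts(secretstore_admins, password_reset_holders, groups):
    """Return users who can both reset passwords and unlock SecretStore."""
    ss_admins = {normalize_dn(dn) for dn in secretstore_admins}
    resetters = effective_users(password_reset_holders, groups)
    return sorted(ss_admins & resetters)

# Constructed sample data (hypothetical tree o=example).
GROUPS = {
    "cn=HelpDesk,ou=Groups,o=example": ["cn=jsmith,ou=IT,o=example",
                                        "cn=Tier2,ou=Groups,o=example"],
    "cn=Tier2,ou=Groups,o=example": ["cn=mlee,ou=IT,o=example",
                                     "cn=HelpDesk,ou=Groups,o=example"],
}
SECRETSTORE_ADMINS = ["cn=ssadmin,ou=IT,o=example", "CN=MLee, OU=IT, O=example"]
PASSWORD_RESET_HOLDERS = ["cn=admin,o=example", "cn=HelpDesk,ou=Groups,o=example"]

if __name__ == "__main__":
    for dn in dual_role_accounts(SECRETSTORE_ADMINS, PASSWORD_RESET_HOLDERS, GROUPS):
        print("Holds both roles, remove one:", dn)
```

Any account reported here holds both roles, either directly or through a nested group, and should lose one of them.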

To add a SecretStore Administrator:

  1. Click Add, then browse to and select the desired User object.
  2. Click OK.
