Credential Storage; Disabling Zenworks User Authentication - Novell ZENWORKS 10 CONFIGURATION MANAGEMENT SP3 - SYSTEM ADMINISTRATION REFERENCE 10.3 16-04-2010 System Administration Manual

Windows
login
ZENworks also
matches
uses Kerberos
user
authentication?
source
login?
For example, in the first row, the user's initial login, user source, and ZENworks login credentials
match. As a result, the user can log in to the ZENworks Management Zone and the ZENworks login
dialog box does not appear.
As another example, in the second row, the user's initial login credentials are using credentials from
a different domain but match the ZENworks login credentials. As a result, the user can log in to the
ZENworks Management Zone, and the ZENworks login dialog box does not appear.

32.3 Credential Storage

ZENworks uses Novell CASA (Common Authentication Services Adapter) to enable single sign-on.
When the ZENworks Adaptive Agent authenticates a user to the Management Zone via the
credentials entered in the Microsoft client, Novell client, or ZENworks login screen, the username
and password is stored in the secure CASA vault on the user's device.
CASA is installed with the ZENworks Adaptive Agent. It includes the CASA Manager, which is an
interface used to manage the credentials in the storage vault. The CASA Manager is available from
the Start > Program Files > Novell CASA menu. Generally, you or the device's user should not need
to use the CASA Manager. When a user's credentials change in the LDAP directory, they are
updated in the CASA storage vault the next time the user logs in. If you do run the CASA Manager,
you are prompted to install the GTK# Library. If you choose to install the library (which is necessary
to run the CASA Manager), you are directed to a Novell Web site from which you can install it.
Do not remove CASA from the managed device. If you do not want the CASA Manager displayed
to users, you can remove the Novell CASA folder from the Start > Program Files menu.

32.4 Disabling ZENworks User Authentication

By default, if a user source is defined in the ZENworks Management Zone, the ZENworks Adaptive
Agent attempts to authenticate a user to the zone whenever he or she logs in through the Microsoft
or Novell client.
If necessary, you can disable user authentication to the zone. For example, you might have some
users that only receive device-assigned content, so you don't want the overhead of having them
logged in to the zone.
To disable user authentication to the zone:
1 Locate the following key in the registry on the user's device:
HKEY_LOCAL_MACHINE\SOFTWARE\Novell\ZCM\ZenLgn
2 (Conditional) If you want to disable login, add the following DWORD value:
Value name: DisablePassiveModeLogin
Value data: Any non-zero value (for example, 1, 2, 3, 100)
Member of Member of
same different
domain? domain?
Windows and
Can log in to
ZENworks
Management
credentials
Zone?
match?
Yes
ZENworks
login dialog
box appears?
Yes
User Authentication 277