2.1 Step 1: Review the Services You Currently Use and Understand their Current Password Limitations

The following table outlines some Novell® services and the password limitations they have. These limitations are addressed by Universal Password:

Table 2-1 Password Limitations

Service: Novell Client™ for Windows* NT*/2000/XP versions earlier than 4.9 and Novell Client for Windows 95/98 versions earlier than 3.4.
Description: The Novell Client software for file and print services. It uses the NDS® password, which is based on the RSA public/private key system.
Limitations:
  • Has limited support for passwords with extended characters
  • Passwords are inaccessible from non-Novell systems
  • Passwords are stored in a way that prevents extraction, thus disallowing interoperability with the simple password

Service: Windows Native Networking (CIFS) in NetWare 6 and NetWare 5.1 (NFAP add-on pack for NetWare 5.1)
Description: Novell’s CIFS server as part of the Native File Access Protocols. It allows Windows clients to access Novell services by using the built-in Windows Client Networking Services.
Limitations:
  • Uses a separately administered password called the simple password
  • Has no expiration or restriction capabilities for the simple password
  • Attempts to synchronize with NDS password but can get out of sync

Service: Macintosh* Native Networking (AFP) in NetWare 6 and NetWare 5.1 (NFAP add-on pack for NetWare 5.1)
Description: Novell’s AFP server as part of the Native File Access Protocols. It allows Macintosh clients to access Novell services by using the built-in Macintosh Client Networking Services.
Limitations:
  • Uses a separately administered password called the simple password
  • Has no expiration or restriction capabilities for the simple password
  • Attempts to synchronize with the NDS password but can get out of sync

Service: LDAP
Description: Novell’s LDAP services allow a user to bind using a username and password across a Secure Sockets Layer (SSL) connection.
Limitations:
  • Limited interoperability with Novell Client services (NDS password) for extended character or international versions
  • First tries the NDS password, then attempts to utilize the simple password if the bind is not a simple bind (that is, the bind is using an encrypted password)

Service: LDAP User Import
Description: Uses ICE or other tools to import users from foreign directories into eDirectory. Passwords are also brought in.
Limitations:
  • Passwords are imported into the simple password
  • Mutually exclusive of NFAP solutions (Windows and Macintosh Native File Access) if it is not a clear text password
  • Password is in its digested/hashed native format

Service: Web-Based Services
Description: Novell Web-based services (Apache Web server) authentications. This includes eGuide, Novell Portal Services, and other Web-based applications.
Limitations:
  • Limited interoperability with Novell Client services (NDS password) for extended character or international versions
  • Not designed to check the simple password

Service: RADIUS Services
Description: Novell RADIUS Authentication Services.
Limitations:
  • Limited interoperability with the Novell Client services (NDS password) for extended character or international versions

Service: NetWare Remote Manager
Description: Novell’s Web-based server health and management interface.
Limitations:
  • Limited interoperability with Novell Client services (NDS password) for extended character or international versions
  • Not designed to check the simple password

Service: DirXML® Password Synchronization for Windows 1.0 and DirXML Starter Pack
Description: Enables synchronization of passwords for NT, Active Directory, and eDirectory™ accounts.
Limitations:
  • eDirectory password changes made outside of the Novell Client are not synchronized. For example, an eDirectory password change made through eGuide would not be synchronized to Active Directory or NT.

    See Sample Password Scenarios for detailed information about DirXML Password Synchronization for Windows.