Novell Doc: Novell Password Management 3.2 Administration Guide

2.9 Backward Compatibility

Universal Password is designed to supply backward compatibility to existing services. By default, passwords changed with this service can be synchronized to the simple and NDS passwords on the User object (you can choose which passwords you want to have synchronized by using the Password Management plug-in). This way, NetWare 6 and 5.1 servers running Native File Access protocols for Windows and Apple* native workstations continue to have their passwords function properly. Novell Client software earlier than the Novell Client for Windows version 4.9 or the Novell Client for Windows version 3.4, which don't take advantage of NMAS, also have their passwords continue to function properly.

The exception to this is the use of international characters in passwords. Because the character translations are different for older clients, the actual values no longer match. Customers who have deployed Web-based or LDAP services and who use international passwords have already seen these problems and have been required to change passwords so they do not include international characters. We recommend that all servers be upgraded to NetWare 6.5 and all Novell Client software be upgraded in order for full, system-wide international passwords to function properly.

The Novell NetWare Storage Management Services™ (SMS) infrastructure is used for Novell and third-party backup and restore applications. Additionally, the Novell Server Consolidation utility, Distributed File Services Volume Move, and Server Migration utilities use SMS as their data management infrastructure. The system passwords used by these Novell and third-party products cannot contain extended characters if they are to function in a mixed environment of NetWare 4, 5, and 6 servers. However, when all servers are upgraded to NetWare 6.5, extended character passwords can be used.

NOTE:Refer to Novell TID 3065822 to see which applications and services are Universal Password-capable, as well as which applications and services are extended character-capable. Many applications and services can use extended characters without Universal Password.

The following table shows the expected behavior of Universal Password when it is enabled and interacts with older services.

Table 2-2 Behavior of Enabled Universal Password

Password Change Method	Passwords Changed
Novell Client software earlier than Novell Client for Windows NT/2000/XP version 4.9 or Novell Client for Windows 95/98 version 3.4 to any server version	NDS password only.
Native File Access (Windows or Macintosh) on NetWare 5.1 or NetWare 6	Simple password and NDS password. The password change is successful only if the old NDS and simple passwords were in sync.
Native File Access (Windows or Macintosh) on NetWare 6.5	Universal, simple, and NDS passwords are changed. All are synchronized, even if old ones were out of sync (if the configuration allows for synchronization and the password policy is configured to allow changes to NDS and simple passwords).
LDAP (standard) earlier than eDirectory 8.7.3	NDS password only.
LDAP (extended) earlier than eDirectory 8.7.3	Simple password or NDS password is changed (extensions specify which one). Simple password change results in a -1697 failure.
LDAP (standard) to NetWare 6.5 (or NetWare 5.1 or 6 running eDirectory 8.7.3)	Universal, simple, and NDS passwords are changed. All are synchronized even if old ones were out of sync (if the password policy is configured to allow changes to NDS and simple passwords).
LDAP (extended) to NetWare 6.5	Universal, simple, or NDS password changed (extensions specify which one). This only applies if the password policy is configured to allow changes to NDS and simple passwords.
NetWare Administrator (run on a workstation with a client earlier than version 4.9) to any User object in any container	NDS password only.
NetWare Administrator (run on a workstation with the version 4.9 client) to a User object in a container that has a R/W replica on a NetWare 6.5 server (or NetWare 5.1or 6 running eDirectory 8.7.3)	(Untested and unsupported) Universal, simple, and NDS passwords are changed. All are synchronized even if old ones were out of sync.
ConsoleOne® (run on a workstation with a client earlier than version 4.9) to any User object in any container	There are separate change password pages for the NDS password and the simple password.
ConsoleOne (run on a workstation with the version 4.9 client) with the NMAS client installed and enabled to a User object in a container that has a R/W replica on a NetWare 6.5 server (or NetWare 5.1 or 6 running eDirectory 8.7.3)	Universal, simple, and NDS passwords are changed. All are synchronized even if old ones were out of sync (if the password policy is configured to allow changes to NDS and simple passwords).
ConsoleOne (run on a workstation with the version 4.9 client) to a User object in a container that has no R/W replicas on any NetWare 6.5 servers, or NetWare 5.1 or 6 with eDirectory 8.7.3 (only R/W replicas on NetWare 5.1 or NetWare 6 servers with eDirectory versions earlier than 8.7.3)	There are separate change password pages for the NDS password and the simple password.
Novell iManager 1.5 (NetWare 5.1 or NetWare 6 only) to any User object in any container	NDS password only.
Novell iManager 2.0 (NetWare 6.5 only) to a User object in a container that has a R/W replica on a NetWare 6.5 server (or NetWare 5.1 or 6 running eDirectory 8.7.3)	Universal, simple, and NDS passwords are changed. All are synchronized even if old ones were out of sync (if the password policy is configured to allow changes to NDS and simple passwords).
Novell iManager 2.0 (NetWare 6.5 only) to a User object in a container that does not have any R/W replica on any NetWare 6.5 server, or NetWare 5.1 or 6 servers running eDirectory version 8.7.3	NDS password only.
Novell Remote Manager running on a NetWare 6.5 server to a User object in a container that has a R/W replica on a NetWare 6.5 server, or NetWare 5.1 or 6 servers running eDirectory version 8.7.3	Universal, simple, and NDS passwords are changed. All are synchronized, even if old ones were out of sync (if the password policy is configured to allow changes to NDS and simple passwords) .
Novell Remote Manager running on a NetWare 6.5 server to a User object in a container that does not have a R/W replica on a NetWare 6.5 server, or NetWare 5.1 or 6 servers running eDirectory version 8.7.3	NDS password only.
Novell Remote Manager NDS change password running on a NetWare 5.1 or NetWare 6 server	NDS password only.
Novell Remote Manager simple password management (NetWare 5.1 and 6 only with Native File Access installed)	Simple password only.