I have some questions about implementing universal password in my tree that I wanted to get some feedback on. Some background: I have a tree with several NW 6.5 sp6 servers with eDir 8.7.3.9 on them; I have three
OES Linux servers with eDir 8.7.3.7; also there are two NW 6.0 sp6 with eDir 8.7.3.7 machines. Finally there is an old NW 5.1 eDir 7.62 box. The master of the tree is on one of the 6.5 sp6 eDir 8.7.3.9 boxes; all replicas are on the 6.5 machines and on both the NW 6.0 sp6 machines. In the field I have 4.91 sp3 clients with NMAS installed. I also have Macintosh machines connecting with AFP to the 6.5 servers.
In my quest to implement UP I have found that I need to regenerate the keys for the tree - the current keys are 56 bit. I have done the steps using SDIDIAG and all servers are in sync with these keys.
Given the current config of the tree are there any problems with revoking the current keys and generating new 168 bit keys with the SDIDIAG "RD -R" - or should this be done with the "SD -G"?
After this is done when is UP actually "turned on"? When I assign a policy to a user, container or partition?
My main objective here is to implement a policy that will better keep the AFP simple pw in sync with UP and even NDS passwords - I want to try to reduce the password drift even further than what I can do in the current configuration (of just NDS and simple pw). None of the fancy rules for upper/lower case etc are needed for passwords - at this time anyway.
Any thoughts on what I should look out for? Thanks for any info or comments!
w
--
Wayne Fee
IT Enterprise Systems
Appalachian State University
feejw@appstate.edu
implementing Universal Password questions
Threaded Mode
