Support Home Communities Home   Search Today's Posts Mark Forums Read

 
 
LinkBack Thread Tools Display Modes
Prev Previous Post   Next Post Next
  #3  
Old 06-Feb-2008, 03:09 AM
Junior Member
  
Join Date: Feb 2008
Posts: 2
kelvingilmour 0 reputation points
Default Re: password storage in eDir and NDS 8.8.*
[QUOTE=ab@novell.com;1461124]-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

You should post both of these in the
novell.support.modular-authentication-services forum or the eDir forums.
~ Security Manager is a specific product and this question isn't that
relevant to the product. You may also want to check the NMAS and
Password Management documentation as it answers most if not all of your
questions (gets into some good detail). As a quick non-verbose
response... NDS password is still a hash, UP has always used 3DES and
shouldn't ever use DES (don't think it's even possible... you could
never decrypt something with DES that was 3DES'd), GW doesn't affect
anything (has its own proprietary datastore that uses hashes as I
recall), and you can force a password change by setting the regular NDS
attributes to expire the psasword (the password expiration time
attribute is still honored as long as it is MORE restrictive than the UP
policy).

Good luck.





kelvingilmour wrote:
| Hi
| thanks for taking the time to read this.
|
| Im curious to know how both the latest version of eDir and NDS 8.8.*
| store passwords on the server. I have been lead to believe is
| encrypted using 3DES. rather than hashed. Is it only 3DES that is used
| or does it fall back to DES at all? when would it fall back to DES in
| normal operational circumstances?
|
| Further does the use of Groupwise have any impact in the manner of
| encryption and levels used and can levels be forced to higher level of
| encrpytion.
|
| on a different topic and probably one for another forum, I was
| wondering if anyone knows a way of forcing a user to change their
| password at next logon using universal password.
|
| Thanks in advance
|
| Kelvin
|
| (NYC)
|
|
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)
Comment: Using GnuPG with Mozilla - [url=http://enigmail.mozdev.org]Enigmail: A simple interface for OpenPGP email security[/url]

iD8DBQFHqKHLvtsLmbbyAAERAqBlAJ9UvGyYWIBZzhNvuMLHmM7ay00bbgCeL1s2
+pl50e4+xTxwPQz+sQVN2bE=
=aStZ
-----END PGP SIGNATURE-----[/QUOTE]

Hi AB,
Many thanks for your response and info. I will look in to those sources that you suggest.

Kelvin
Reply With Quote
 

« Previous Thread | Next Thread »
Thread Tools
Display Modes
Threaded Mode Threaded Mode

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is Off
Smilies are Off
[IMG] code is Off
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On


All times are GMT -6. The time now is 10:12 AM.
Contact Us - NOVELL FORUMS - Archive - Privacy Statement - Top

© 2007 Novell, Inc. All Rights Reserved.

Search Engine Friendly URLs by vBSEO 3.3.0 RC2