Hi folks,

We have AFP running (NW65, SP5) and have a problem.

It seems, when a Mac OSX (10.4.7) user connects via AFP and changes
their password (UP enabled), if the password is more than 8 characters
in length, the 9th character and over get dropped. These workstations
are also using GW Messenger. The users are also Window users. In
doing research for this problem, here are some observations...

1. OSX 10.3.x and below only allow a max of 8 characters (if you try
to enter more than eight, the OS will pop up a msg box about the
2. OSX 10.4.x supports more than 8 characters, but only if AFP v3 AND
DHx (or higher) UAM (User Authentication Method) is available.
2. AFPTCP of NW65(SP5) appears to be AFP v3 aware.
3. AFPTCP of NW65(SP5) appears to NOT support DHx or above UAMs.
4. Because the latest AFPTCP operates in AFP v3 mode but doesn't
support DHx UAMs, the 10.4 OSX client will allow more than 8 characters
when entering the pwd, but will only transmit the first 8 characters.
5. 10.4 OSX users of AFP and Messenger will get confused if they
entered a pwd of more than 8 characters (the user assumes and uses
their >8 character pwd for Messenger (Messenger uses LDAP) and the pwd
stored is 8 characters in length, causing intruder lockout
6. AFP connection attempts will continue to work as the characters
over the 8th character of the >8 pwd are dropped and compared to the
stored password (8 characters), which will match.

I found documentation on the net that suggested that AFPTCP support of
DHx should be available in SP2. But, my analysis indicates that this
has feature is not enabled nor available.

Novell/anyone - Any status on AFPTCP supporting DHx for >8 character
pwd support??


'Presentation indicating AFPTCP support for DHx in NW65 SP2'
'Apple Developer Info - AFP Login and UAMs' (http://tinyurl.com/oxyxm)