I am forwarding my message and response to this forum as suggested by
Novell...any ideas?

Charles Short wrote:
> Netware 6.5 SP6
> Just need clarification on how things actually work under the covers...
> We have Macs and therefore a Simple Password.
> When UP is turned on, do the Macs and other forms of NFA still
> authenticate against Simple Password field which now magically obeys the
> UP policy (there is an option in the UP policy to sync the UP with the
> Simple Password), or does NFA genuinely authenticate against the new UP
> field...I am presuming that in the UP world there will be the NDS
> password (key pair), a Simple Password (hashed value) and the UP (hashed
> value),all kept in sync with NMAS?
> Charles

-------- Original Message --------
Subject: Re: Universal Password under the covers
Date: Fri, 13 Jul 2007 14:46:08 GMT
From: ab@novell.com <ab@novell.com>
Organization: Novell Inc.
Newsgroups: novell.support.modular-authentication-services
References: <O8Lli.752$QE3.83@prv-forum2.provo.novell.com>

Hash: SHA1

I imagine they still use Simple Password (the attributes) even though
the Simple Password method is used which now tries Universal Password
first though there could be a hangup in there. Trying to think back and
dig through the cobwebs this is what I recall:

An LDAP authentication uses the Simple Password method which tries to
use Universal Password first. If the user object doesn't have one it
tries the Simple Password. Now with that in mind that's with eDirectory
8.8.x and the NDSD_TRY_NMAS_FIRST flag enabled. If that's not enabled
then LDAP tries the NDS password.

NFAP may be slightly difference since it has its own service on the
server (right?). Is there an NFAP forum you could ask specifically in?
I just am not entirely sure on this one.

Good luck.