Novell Password Management Administration Guide

2y ago
51 Views
2 Downloads
1.29 MB
73 Pages
Last View : 1d ago
Last Download : 9m ago
Upload by : Rafael Ruffin
Transcription

Novell Password Management Administration Guidenovdocx (ENU) 29 January 2007NovellPassword Managementwww.novell.com3.1xADMINISTRATION GUIDEMarch 9, 2007

Novell, Inc. makes no representations or warranties with respect to the contents or use of this documentation, andspecifically disclaims any express or implied warranties of merchantability or fitness for any particular purpose.Further, Novell, Inc. reserves the right to revise this publication and to make changes to its content, at any time,without obligation to notify any person or entity of such revisions or changes.Further, Novell, Inc. makes no representations or warranties with respect to any software, and specifically disclaimsany express or implied warranties of merchantability or fitness for any particular purpose. Further, Novell, Inc.reserves the right to make changes to any and all parts of Novell software, at any time, without any obligation tonotify any person or entity of such changes.Any products or technical information provided under this Agreement may be subject to U.S. export controls and thetrade laws of other countries. You agree to comply with all export control regulations and to obtain any requiredlicenses or classification to export, re-export or import deliverables. You agree not to export or re-export to entities onthe current U.S. export exclusion lists or to any embargoed or terrorist countries as specified in the U.S. export laws.You agree to not use deliverables for prohibited nuclear, missile, or chemical biological weaponry end uses. See theNovell International Trade Services Web page (http://www.novell.com/info/exports/) for more information onexporting Novell software. Novell assumes no responsibility for your failure to obtain any necessary exportapprovals.Copyright 2006 Novell, Inc. All rights reserved. No part of this publication may be reproduced, photocopied,stored on a retrieval system, or transmitted without the express written consent of the publisher.Novell, Inc. has intellectual property rights relating to technology embodied in the product that is described in thisdocument. In particular, and without limitation, these intellectual property rights may include one or more of the U.S.patents listed on theNovell Legal Patents Web page (http://www.novell.com/company/legal/patents/) and one or moreadditional patents or pending patent applications in the U.S. and in other countries.Novell, Inc.404 Wyman Street, Suite 500Waltham, MA 02451U.S.A.www.novell.comOnline Documentation: To access the latest online documentation for this and other Novell products, seethe Novell Documentation Web page (http://www.novell.com/documentation).novdocx (ENU) 29 January 2007Legal Notices

For Novell trademarks, see the Novell Trademark and Service Mark list list.html).Third-Party MaterialsAll third-party trademarks are the property of their respective owners.novdocx (ENU) 29 January 2007Novell Trademarks

novdocx (ENU) 29 January 2007

novdocx (ENU) 29 January 2007ContentsAbout This Guide1 3.811Universal Password Background . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 112.1.1How Secure Is Universal Password? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11Deployment Steps . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 122.2.1Step 1: Review the Services You Currently Use and Understand their Current PasswordLimitations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 122.2.2Step 2: Identify Your Need for Universal Password . . . . . . . . . . . . . . . . . . . . . . . . . 142.2.3Step 3: Make Sure Your Security Container is Available . . . . . . . . . . . . . . . . . . . . . 142.2.4Step 4: Verify That Your SDI Domain Key Servers Are Ready for UniversalPassword. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 152.2.5Step 5: Upgrade at Least One Server in the Replica Ring to NetWare 6.5 or Later oreDirectory 8.7.3 or Later . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 162.2.6Step 6: Check the Tree for SDI Key Consistency . . . . . . . . . . . . . . . . . . . . . . . . . . . 172.2.7Step 7: Enable Universal Password . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 172.2.8Step 8: Deploy Novell Client Software . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18Backward Compatibility . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18Password Management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20Issues to Watch For . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 213 Managing Passwords by Using Password Policies3.19Universal Password . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9Password Policies . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9Password Self-Service. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10Password Synchronization . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 102 Deploying Universal Password2.17Overview of Password Policy Features . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3.1.1Universal Password. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3.1.2Advanced Password Rules . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3.1.3Enforcement of Policies in eDirectory . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .Planning for Password Policies . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3.2.1Planning How to Assign Password Policies in the Tree . . . . . . . . . . . . . . . . . . . . . .3.2.2Planning the Rules for Your Password Policies . . . . . . . . . . . . . . . . . . . . . . . . . . . .3.2.3Planning Login and Change Password Methods for your Users . . . . . . . . . . . . . . . .Prerequisite Tasks for Using Password Policies . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3.3.1(NetWare 6.5 only) Re-Creating Universal Password Assignments . . . . . . . . . . . . .Creating Password Policies . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3.4.1Advanced Password Rules . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3.4.2Universal Password Configuration Options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .Assigning Password Policies to Users. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .Finding Out Which Policy a User Has . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .Setting A User's Password . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .Troubleshooting Password Policies . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .232324242425252525282931323839414142Contents5

4.14.24.34.44.54.64.74.84.9Overview of Password Self-Service . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 45Prerequisites for Using Password Self-Service . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 46Managing Forgotten Passwords . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 464.3.1Enabling Forgotten Password . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 474.3.2Creating or Editing Challenge Sets . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 484.3.3Selecting a Forgotten Password Action . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 514.3.4Disabling Password Hint by Removing the Hint Gadget . . . . . . . . . . . . . . . . . . . . . . 534.3.5Configuring Forgotten Password Self-Service . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 534.3.6What Users See When They Forget Passwords . . . . . . . . . . . . . . . . . . . . . . . . . . . . 58Providing Users with Password Reset Self-Service . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 60Adding a Password Change Message . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 60Configuring E-Mail Notification for Password Self-Service . . . . . . . . . . . . . . . . . . . . . . . . . . . . 614.6.1Prerequisites . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 624.6.2Setting Up the SMTP Server to Send E-Mail Notification . . . . . . . . . . . . . . . . . . . . . 624.6.3Setting Up E-Mail Templates for Notification . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 63Test-Driving Password Self-Service . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 63Adding Password Self-Service to Your Company Portal . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 644.8.1Integrating Password Self-Service with Virtual Office . . . . . . . . . . . . . . . . . . . . . . . . 654.8.2Linking to Password Self-Service from a Company Portal. . . . . . . . . . . . . . . . . . . . . 654.8.3Making Sure Users Have Configured Password Features. . . . . . . . . . . . . . . . . . . . . 69Troubleshooting Password Self-Service. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 695 Password Synchronization across Connected Systems71A Documentation Updates73A.1A.2A.3645January 5, 2007 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 73February 2, 2007 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 73February 27, 2007 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 73Novell Password Management Administration Guidenovdocx (ENU) 29 January 20074 Password Self-Service

novdocx (ENU) 29 January 2007About This GuideThis guide provides information on how to manage passwords on Novell systems. It includesinstructions on how to deploy, configure, and manage Universal Password, password policies, andpassword self-service. It is written primarily for network administrators. Chapter 1, “Overview,” on page 9 Chapter 2, “Deploying Universal Password,” on page 11 Chapter 3, “Managing Passwords by Using Password Policies,” on page 23 Chapter 4, “Password Self-Service,” on page 45 Chapter 5, “Password Synchronization across Connected Systems,” on page 71Documentation UpdatesFor the most recent version of the Password Management Administration Guide, visit the PasswordManagement Documentation Web site (http://www.novell.com/documentation/password management31/index.html).Documentation ConventionsIn Novell documentation, a greater-than symbol ( ) is used to separate actions within a step anditems in a cross-reference path.A trademark symbol ( , TM, etc.) denotes a Novell trademark. An asterisk (*) denotes a third-partytrademark.When a single pathname can be written with a backslash for some platforms or a forward slash forother platforms, the pathname is presented with a backslash. Users of platforms that require aforward slash, such as Linux* or UNIX*, should use forward slashes as required by your software.User CommentsWe want to hear your comments and suggestions about this manual and the other documentationincluded with this product. Please use the User Comment feature at the bottom of each page of theonline documentation, or go to www.novell.com/documentation/feedback.html and enter yourcomments there.About This Guide7

novdocx (ENU) 29 January 20078Novell Password Management Administration Guide

novdocx (ENU) 29 January 2007Overview11This section provides an overview of Universal Password, password policy, and password selfservice.1.1 Universal PasswordThe traditional NDS password has proven troublesome for integration within heterogeneoussystems. Novell introduced Universal Password, a way to simplify the integration and managementof different password and authentication systems into a coherent network.In the past, administrators have had to manage multiple passwords (simple password, NDS password, enhanced password) because of password limitations. Administrators have also had todeal with keeping the passwords synchronized. NDS Password: The older NDS password is stored in a hash form that is nonreversible. Onlythe NDS system can make use of this password, and it cannot be converted into any other formfor use by any other system. Simple Password: The simple password was originally implemented to allow administrators toimport users and passwords (clear text and hashed) from foreign LDAP directories such asActive Directory* and iPlanet*.The limitations of the simple password are that no password policy (minimum length,expiration, etc.) is enforced. Also, by default, users do not have rights to change their ownsimple passwords. Enhanced Password: The enhanced password, the forerunner of Universal Password, offerssome password policy, but its design is not consistent with other passwords. It provides a oneway synchronization and it replaces the simple or NDS password.Universal Password was created to address these password problems by Providing one password for all access to eDirectoryTM. Enabling the use of extended characters in password. Enabling advanced password policy enforcement. Allowing synchronization of passwords from eDirectory to other systems.For detailed information, see Chapter 2, “Deploying Universal Password,” on page 11.1.2 Password PoliciesWith the release of Universal Password, Novell introduced the ability to create advanced passwordpolicies.A password policy is a collection of administrator-defined rules that specify the criteria for creatingand replacing end user passwords. NMAS allows you to enforce password policies that you assignto users in Novell eDirectory.Most features of password management require Universal Password to be enabled.You manage password policies using iManager.Overview9

1.3 Password Self-ServicePassword Self-Service enables users to do the following: Recover from forgotten passwordsThis service reduces calls to the help desk when users forget passwords. Reset passwordsUsers change their passwords while viewing the rules that you have specified in the passwordpolicy.You manage the policy for password self-service using iManager. Users access the password selfservice features using one of the following: iManager 2.02 portal Novell ClientTM Virtual Office eXtend DirectorFor more information, see Chapter 4, “Password Self-Service,” on page 45.1.4 Password SynchronizationUsing Password Synchronization, you can also enforce password policies on connected systems, asexplained in Chapter 5, “Password Synchronization across Connected Systems,” on page 71.10Novell Password Management Administration Guidenovdocx (ENU) 29 January 2007For more information, see Chapter 3, “Managing Passwords by Using Password Policies,” onpage 23.

novdocx (ENU) 29 January 20072Deploying Universal Password2This section decribes how to deploy and manage Universal Password.2.1 Universal Password BackgroundUniversal Password is managed by the Secure Password Manager (SPM), a component of theNMASTM module (nmas.nlm on NetWare ). SPM simplifies the management of password-basedauthentication schemes across a wide variety of Novell products as well as Novell partnerproducts. The management tools expose only one password and do not expose all of the behind-thescenes processing for backwards compatibility.Secure Password Manager and the other components that manage or make use of UniversalPassword are installed as part of the NetWare 6.5 or later and eDirectoryTM 8.7.3 or later install;however, Universal Password is not enabled by default. Because all APIs for authentication andsetting passwords are moving to support Universal Password, all the existing management tools,when run on clients with these new libraries, automatically work with the Universal Password.NOTE: Password Management 2.02 for Novell eDirectory for iManager 2.x is available fordownload at the Novell Free Download Site (http://download.novell.com). Minimum requirementsare eDirectory 8.7.3 or later and iManager 2.02 or later. Information on how to download and installthis plug-in is available on the download site.Novell ClientTM software supports the Universal Password. It also continues to support the NDS password for older systems in the network. After Universal Password has been configured andenabled for a user, Novell Client has the capability of automatically upgrading/migrating the NDSpassword to the Universal Password.2.1.1 How Secure Is Universal Password?Reversible encryption of Universal Password is required for convenient interoperation with otherpassword systems. Administrators have to evaluate the costs and benefits of the system. Using aUniveral Password stored in eDirectory might be more secure or convenient than attempting tomanage several different passwords. Novell provides several levels of security to make sureUniversal Password is protected while stored in eDirectory.A Universal Password is protected by three levels of security: triple DES encryption of the passworditself, eDirectory rights, and file system rights.The Universal Password is encrypted by a triple DES, user-specific key. Both the UniversalPassword and the user key are stored in system attributes that only eDirectory can read. The user key(3DES) is stored encrypted with the tree key, and the tree key is protected by a unique NICI key oneach machine. (Note that neither the tree key nor the NICI key is stored within eDirectory. They arenot stored with the data they protect.) The tree key is present on each machine within a tree, but eachtree has a different tree key. So, data encrypted with the tree key can be recovered only on a machinewithin the same tree. Thus, while stored, the Universal Password is protected by three layers ofencryption.Deploying Universal Password11

File system rights ensure that only a user with the proper rights can access these keys.If Universal Password is deployed in an environment requiring high security, you can take thefollowing precautions:1. Make sure that the following directories and files are ell\nici\system32\ where the NICI DLL is r/locall/lib/libccs2.so and the NICI sharedlibraries in the same directoryOn LSB-compliant systems:The above mentioned directories and files as l/libConsult the documentation for your system for specific details of the location of NICI andeDirectory files.2. As with any security system, restricting physical access to the server where the keys reside isvery important.2.2 Deployment StepsFollow the steps below to deploy Universal Password:2.2.1 Step 1: Review the Services You Currently Use andUnderstand their Current Password LimitationsThe following table outlines some Novell services and the password limitations they have. Theselimitations are addressed by Universal Password:12Novell Password Management Administration Guidenovdocx (ENU) 29 January 2007Each key is also secured via eDirectory rights. Only administrators with the Supervisor right or theusers themselves have the rights to change Universal Passwords.

DescriptionNovell Client for Windows*NT*/2000/XP versionsearlier than 4.9 and NovellClient for Windows 95/98versions earlier than 3.4.The Novell Client softwarefor file and print services.Uses the NDS password,which is based on the RSApublic/private key system.novdocx (ENU) 29 January 2007ServiceLimitations Has limited support for passwords withextended characters Passwords are inaccessible from nonNovell systems Passwords are stored in such a way asto prevent extraction, thus disallowinginteroperability with the simplepasswordWindows Native Networking(CIFS) in NetWare 6 andNetWare 5.1 (NFAP add-onpack for NetWare 5.1)Macintosh* NativeNetworking (AFP) inNetWare 6 and NetWare 5.1(NFAP add-on pack forNetWare 5.1)LDAPNovell’s CIFS server as partof the Native File AccessProtocols. It allowsWindows clients to accessNovell services using thebuilt-in Windows ClientNetworking Services. Uses a separately administeredNovell’s AFP server as partof the Native File AccessProtocols. It allowsMacintosh clients to accessNovell services using thebuilt-in Macintosh ClientNetworking Services. Uses a separately administeredNovell’s LDAP servicesallow a user to bind usingusername and passwordacross a Secure SocketsLayer (SSL) connection. Limited interoperability with Novellpassword called the simple password Has no expiration or restrictioncapabilities for the simple password Attempts to synchronize with NDSpassword but can get out of syncpassword called the simple password Has no expiration or restrictioncapabilities for the simple password Attempts to synchronize with the NDSpassword but can get out of syncClient services (NDS password) forextended character or internationalversions First tries NDS passowrd, thenattempts to utilize the simple passwordif bind is not a simple bind (that is, thebind is using an encrypted password)LDAP User ImportUses ICE or other tools toimport users from foreigndirectories into eDirectory.Passwords are also broughtin. Passwords are imported into the simplepassword Mutually exclusive of NFAP solutions(Windows and Macintosh Native FileAccess) if not clear text password Password is in its digested/hashednative formatWeb-Based ServicesRADIUS ServicesNovell Web-based services(Apache Web server)authentications. Thisincludes eGuide, NovellPortal Services, and otherWeb-based applications. Limited interoperability with NovellNovell RADIUSAuthentication Services Limited interoperability with the NovellClient services (NDS password) forextended character or internationalversions Not designed to check the simplepasswordClient services (NDS password) forextended character or internationalversionsDeploying Universal Password13

DescriptionNetWare Remote ManagerNovell’s Web-based serverhealth and managementinterface.Limitations Limited interoperability with NovellClient services (NDS password) forextended character or internationalversions Not designed to check the simplepasswordDirXML PasswordSynchronization forWindows 1.0 and DirXMLStarter PackEnables synchronization ofpasswords for NT, ActiveDirectory, and eDirectoryaccounts. eDirectory password changes madeoutside of the Novell Client are notsynchronized. For example, aneDirectory password change madethrough eGuide would not besynchronized to Active Directory or NT.See Sample Password irxmlstarterpack/jetset/data/aktnwz0.html) for detailed informationabout DirXML PasswordSynchronization for Windows.2.2.2 Step 2: Identify Your Need for Universal PasswordIf you answer yes to any of the following questions, you should plan to deploy and use UniversalPassword: Do you currently use Native File Access and desire to enforce policies such as passwordexpiration or password length? Do you use or plan to use Native File Access (Windows or Macintosh)? Do you plan to have international users access Novell Web-based services or use Novell Clientfor Windows to access Novell file and print services? Do you plan to use Novell Nsure Identity Manager 2 or 3, powered by DirXML, with itsenhanced password policy and password synchronization capabilities? Do you plan to use NterpriseTM Branch OfficeTM 2.0?2.2.3 Step 3: Make Sure Your Security Container is AvailableNMAS relies on storage of policies that are global to the eDirectory tree, which is effectively thesecurity domain. The security policies must be available to all servers in the tree.NMAS places the authentication policies and login method configuration data in the Securitycontainer that is created off of the [Root] partition. This information must be readily accessible to allservers that are enabled for NMAS. The purpose of the Security container is to hold global policiesthat relate to security properties such as login, authentication, and key management.With NMAS, we recommend that you create the Security container as a separate partition and thatthe container be widely replicated. This partition should be replicated as a Read/Write partition onlyon those servers in your tree that are highly trusted.eDirectory 8.8 provides security container caching. This feature caches the security container dataon local servers so NMAS doesn’t have to access the Security container with every attempted log in.14Novell Password Management Administration Guidenovdocx (ENU) 29 January 2007Service

novdocx (ENU) 29 January 2007See the eDirectory 8.8 Administration Guide new/data/bwpla84.html) for more information.WARNING: Because the Security container contains global policies, be careful where writablereplicas are placed, because these servers can modify the overall security policies specified in theeDirectory tree. In order for users to log in with NMAS, replicas of the User objects and securitycontainer must be on the NMAS server.For additional information, see Novell TID 10091343 d.cgi?/10091343.htm).2.2.4 Step 4: Verify That Your SDI Domain Key Servers AreReady for Universal Password1 Verify that the SDI Domain Key servers meet minimum configuration requirements and haveconsistent keys for distribution and use by other servers within the tree. These steps are crucial.If you don't follow them as outlined, you could cause serious password issues on your systemwhen you turn on Universal Password.1a At a NetWare server console, load sdidiag.nlm.At a Windows server, open a command prompt box and run sdidiag.exe.Sdidiag.nlm ships with NetWare 6.5 or later. Sdidiag.exe ships with the Windows versionof eDirectory 8.7.3 or later. Both files are available as part of a security patch(sdidiag21.exe) associated with Novell TID 2966746 746).1b Log in as an Administrator by entering the server (full context), the tree name, theusername, and the password.1c Check to make sure all you servers are using 168 bit keys.Follow the instructions in Novell TID 10093969 d.cgi?/10093969.htm) to ensure this requirement is met.1d Enter the command CHECK -v sys:system\sdinotes.txt.The output to the screen displays the results of the CHECK command.If no problems are found, go to “Step 5: Upgrade at Least One Server in the Replica Ringto NetWare 6.5 or Later or eDirectory 8.7.3 or Later” on page 16.If problems are found, follow the instructions written to the sys:system\sdinotes.txt file toresolve any configuration and key issues. Continue with Step 2.2 Verify that the SDI Domain Key Servers are running NICI 2.6.x or later.We recommend that NetWare 6.5 or later or eDirectory 8.7.3 or later be installed on your SDIDomain Key servers.To find out if NICI 2.6.x is installed on these servers:2a At the server console, enter the NetWare command M NICISDI.NLM.The version must be 264xx.xx or later.If the version is earlier, you must do one of the following: Update the servers' NICI to version 2.6.x, which requires eDirectory 8.7.3 or later.Deploying Universal Password15

Update the SDI Domain Key servers to NetWare 6.5 or later or eDirectory 8.7.3 orlater. Remove the servers as SDI Domain Key Servers and add a NetWare 6.5 oreDirectory 8.7.3 or later server.To remove a server as an SDI Domain Key Server1. At a NetWare server console, load sdidiag.nlm.At a Windows server, open a command prompt box and run sdidiag.exe.NOTE: Sdidiag.nlm ships with NetWare 6.5 or later. Sdidiag.exe ships with theWindows version of eDirectory 8.7.3 or later. Both files are available as part of asecurity patch (sdidiag21.exe) associated with Novell TID 2966746 746).2. Log in as an administrator that has management rights over the Security containerand the W0.KAP.Security objects by entering the server (full context), the tree name,the user name, and the password.3. Enter the command RS -s servername.For example, if server1 exists in container PRV in the organization Novell within theNovell Inc tree, you would type .server1.PRV.Novell.Novell Inc. for theservername.To add a server as an SDI Domain Key Server1. From a NetWare server console, load sdidiag.nlm.From a Windows server, open a command prompt box and run sdidiag.exe.2. Log in as an Administrator by entering the server (full context), the tree name, theuser name, and the password.3. Enter the command AS -s servernameFor example, if server1 exists in container PRV in the organization Novell within theNovell Inc tree, you would type .server1.PRV.Novell.Novell Inc. for theservername.2b (Optional) After completing one of the options above, you might want to rerun theSDIDIAG check command.See Step 1d on page 15.NOT

Novell www.novell.com novdocx (ENU) 29 January 2007 Novell Password Management Administration Guide Pa

Related Documents:

Novell www.novell.com Novell Confidential Manual (99a) 15 April 2004 iFolder 2.1 June 25, 2004 INSTALLATION AND ADMINISTRATION GUIDE. Novell Confidential Manual (99a) 15 April 2004 . June 25, 2004 INSTALLATION AND ADMINISTRATION GUIDE. Novell Confidential Manual (99a) 15 April 2004 Legal Notices Novell, Inc. makes no representations or .

For information about the other Access Manager devices and features, see the following: Novell Access Manager 3.1 SP5 Administration Console Guide Novell Access Manager 3.1 SP5 Identity Server Guide Novell Access Manager 3.1 SP5 Policy Guide Novell Access Manager 3.1 SP5 J2EE Agent Guide Novell Access Manager 3.1 SP5 SSL VPN Server Guide

Novell Native File Access Pack for NetWare 5.1 Installation and Administration Guide . Novell Native File Access Pack for NetWare 5.1 Installation and Administration Guide 100-004513-001 A April 4, 2002 Novell Confidential Manual 99a 38 July 17, 2001 Novell Trademarks

The Novell Client is a powerful and feature rich service that is necessary to gain the full functionality of a Novell NetWare system. The Novell 4.91 client runs on a Windows 2000 or Windows XP workstations and allows your . To launch the Novell Client installation, run the SETUPNW.EXE file as depicted in Illustration 1. Step 2 - Choose the .

Type your POP password here. Type your new password here. Re-type your new password here. Click the Change Password button. Hofstra Gmail Password change screen 4. In the Password change window: a. Enter your current POP password (by default this is your 700 number). b. Enter a new password twice. c. Click on the Change Password button at the .

SecureLogin Client Utility to customize Novell SecureLogin to your preferences and requirements. 1.1 Management Utilities Novell SecureLogin has two management utilities: Section 1.1.1, "Administrative Manage Utilities," on page 7 Section 1.1.2, "The Novell SecureLogin Client Utility," on page 9

CHANGE PASSWORD 1. From the landing page, select the Change Password link. The SiteMinder page opens. 2. Enter your User Login and Self Service/LDAP password 3. Click the Login button The Password Management screen displays. 4. Enter your current password 5. Enter your new password, in each of the corresponding fields The Password .

automotive manufacturers worldwide. Those companies that take a forward-thinking approach will gain a competitive advantage and secure a leadership position in a realigned automotive value chain. At Seco, we partner with OEMs and other vehicle-based organisations around the globe to help automotive manufacturers overcome their