Creating a Fake Name
Novell Cool Solutions: Trench
By Robert Stout
Digg This -
Posted: 12 Jul 2001
Since I am a ZEN freak I thought I would post this here.
I am a network manager for a large school district and have been using Catalog Services for contextless login about as long as it has been around. But I needed some improvements. Students' user names are their ID number and we use simple passwords for the students to ease the teachers' work load, but the passwords are very easy enough to figure out if you know the student's full name. It did not take long for the students to figure out that if you type the "Full Name" in the Username field and tab to the password, they could quickly figure out the password and get in.
When you create the catalog for contextless login you must use the "Full Name" for the index so you cannot use anything other than the "Full Name" attribute. The client will not respond to a catalog that does not have the "Full Name" attribute used as the index. The "Full Name" call to the catalog comes from a file called "LGNCON32.DLL" that is in the Windows system directory.
Well... if you use a hex editor and go 3/4 of the way through the file you will find the code for the "Full Name" call. (OK, right now you are thinking "this can't be supported by Novell" and you are 100% right. But this is Cool Solutions, where anything is possible...)
So back to my story, change the 3 cases of "Full Name" with "Fake Name" or anything you want but you MUST keep it the same length, and save the file.
Start ConsoleOne, go to Tools | Schema Manager, select the attributes tab, "Create" the attribute "Fake Name" as a case ignore string. Then go to the Class tab and scroll down to the User class and "Add" the attribute "Fake Name".
Now there is no snapin for Catalog Services in ConsoleOne, so open NWadmin and create a catalog as described in TID 10011480 but use the "Fake Name" attribute as the index instead of "Full Name".
If you are doing this in a production environment you will need to make 2 catalogs, the one that you are currently running and the new one with the "Fake Name" index. This is because the old "LGNCON32.DLL" does not know about the new attribute and the new "LGNCON32.DLL" does not know about the old attribute.
Here is the ZEN part: If you change the Workstation Policy to reflect the new catalog depending on how you have the workstations read the policy, it might get the catalog change but not the new "LGNCON32.DLL". So make an app object with the reg. setting for the new catalog [HKEY_LOCAL_MACHINE\Network\ Novell\System Config\Network Provider\ Graphical Login\NWLGE\Z XContext\Catalogs] "<Tree Name>"="<New Catalog Name>". Then add the new "LGNCON32.DLL" to be distributed. Set it to "Force Run" and reboot if you want but the next time use login they will be using the new catalog with the new "LGNCON32.DLL". This way you know that both happened at the same time. Also put the new "LGNCON32.DLL" in the client directory so when you install the client you will get the new "LGNCON32.DLL" during the install.
The cool part is, now if you want to catalog the users with something other than "Full Name" you now have an attribute to do that with.
P.S. You can also try to rename the "LGNCON32.DLL" to something different and make the change in the reg. At [HKEY_LOCAL_MACHINE\Network\ Novell\System Config\Network Provider\ Graphical Login\NWLGE\Z XContext] %93LoginExtName"="<New dll Name>". I have not tried it because I do not know if there is any call directly made to the "LGNCON32.DLL" from some other part of the client.
If you have any questions you may contact Robert at email@example.com