Password management is generally outside the scope of this guide and is covered appropriately in documentation such as the Novell Modular Authentication Services (NMAS) Administration Guide and the Novell Password Management Administration Guide.
Novell password technologies are in a state of transition, moving slowly from Simple Password authentication to Universal Password authentication. Both password authentication methods are supported in Novell Open Enterprise Server 11 and Novell Kanaka for Mac.
When authenticating to a Mac OS X system, Novell Kanaka for Mac determines the fully distinguished name of the user and then makes the appropriate API calls to verify the password with Novell eDirectory. These APIs are currently limited to only the eDirectory password.
After authentication, user information and storage information are retrieved and returned to the Kanaka Plug-in and Desktop Client. The storage connection information is passed through to the Mac OS X operating system so that it automatically connects to the appropriate network storage through Native File Access. As these connections occur, Native File Access attempts to connect with the same password.
The eDirectory password you use for authentication must match the password you use for Native File Access, whether it’s Simple Password or Universal Password.
If you are using the Simple Password authentication method, you can use either ConsoleOne or iManager to set the Simple Password.
If you are using the Universal Password authentication method, you can use iManager to set up Universal Password policies and apply them to users or containers. After the password policies are put into place, the Universal Password must be populated for each user. In most cases, this means that the user must go through a password change process.
Consult the Novell Password Administration Guide.
Universal Password is easier than Simple Password to maintain throughout the lifecycle of a user. Beginning with eDirectory 8.8, Novell APIs have been updated and Novell Kanaka for Mac has been engineered to automatically use the Universal Password for all aspects of authentication and password change, so no synchronization is required.