In the past, administrators have had to manage multiple passwords (simple password, NDSĀ® password, enhanced password) because of password limitations. Administrators have also had to deal with keeping the passwords synchronized.
NDS Password: The older NDS password is stored in a hash form that is non-reversible. Only the NDS system can make use of this password, and it cannot be converted into any other form for use by any other system.
Simple Password: The simple password was originally implemented to allow administrators to import users and passwords (clear text and hashed) from foreign LDAP directories such as Active Directory* and iPlanet*.
The limitations of the simple password are that no password policy (minimum length, expiration, etc.) is enforced. Also, by default, users do not have rights to change their own simple passwords.
Enhanced Password: The enhanced password, the forerunner of Universal Password, offers some password policy, but its design is not consistent with other passwords. It provides a one-way synchronization and it replaces the simple or NDS password.
Universal Password was created to address these password problems. It provides:
One password for all access to eDirectory.
Enables the use of extended characters in password.
Enables advanced password policy enforcement.
Allows synchronization of passwords from eDirectory to other systems.
Universal Password is managed by the Secure Password Manager (SPM), a component of the NMAS module (nmas.nlm on NetWare). SPM simplifies the management of password-based authentication schemes across a wide variety of Novell products as well as our partner's products. The managment tools only expose one password and do not expose all of the behind-the-scenes processing for backwards compatibility.
Secure Password Manager and the other components that manage or make use of Universal Password are installed as part of the NetWare 6.5 or later and eDirectory 8.7.3 install; however, Universal Password is not enabled by default. Because all APIs for authentication and setting passwords are moving to support Universal Password, all the existing management tools, when run on clients with these new libraries, automatically work with the Universal Password.
NOTE:The Password Management plug-in is available for download at the Novell Free Download Site.
The Novell Client supports the Universal Password. It will also continue to support the NDS password for older systems in the network. The Novell Client has the capability of automatically migrating the NDS password to the Universal Password at the time of the first log in.
For more information about deploying and managing Universal Password, see the Password Management Administration Guide .